Total
762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25640 | 1 Redhat | 1 Wildfly | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
| A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | |||||
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2024-02-28 | 2.1 LOW | 3.9 LOW |
| Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. | |||||
| CVE-2020-6317 | 1 Sap | 1 Adaptive Server Enterprise | 2024-02-28 | 2.7 LOW | 3.5 LOW |
| In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. | |||||
| CVE-2021-3032 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | |||||
| CVE-2020-10762 | 1 Redhat | 1 Gluster-block | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-7021 | 1 Elastic | 1 Elasticsearch | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details. | |||||
| CVE-2020-2048 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2. | |||||
| CVE-2020-26416 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||
| CVE-2021-1226 | 1 Cisco | 5 Emergency Responder, Prime License Manager, Unified Communications Manager and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. | |||||
| CVE-2021-21361 | 1 Vagrant Project | 1 Vagrant | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0. | |||||
| CVE-2021-3034 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-02-28 | 3.6 LOW | 5.1 MEDIUM |
| An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144. | |||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | |||||
| CVE-2020-8566 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. | |||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | |||||
| CVE-2020-26605 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020). | |||||
| CVE-2020-8565 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | |||||
| CVE-2020-25987 | 1 Monocms | 1 Monocms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash. | |||||
| CVE-2021-22133 | 1 Elastic | 1 Apm Agent | 2024-02-28 | 2.7 LOW | 2.4 LOW |
| The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent. | |||||
| CVE-2021-25688 | 1 Teradici | 2 Pcoip Graphics Agent, Pcoip Standard Agent | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs. | |||||
| CVE-2020-8564 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | |||||