Total
762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11932 | 1 Canonical | 1 Subiquity | 2024-02-28 | 2.1 LOW | 2.3 LOW |
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | |||||
CVE-2019-20852 | 1 Mattermost | 1 Mattermost Mobile | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | |||||
CVE-2019-16210 | 1 Broadcom | 1 Brocade Sannav | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | |||||
CVE-2019-11292 | 1 Pivotal Software | 1 Operations Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. | |||||
CVE-2019-14846 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | |||||
CVE-2019-19150 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-02-28 | 3.5 LOW | 4.9 MEDIUM |
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. | |||||
CVE-2019-17397 | 1 Doordash | 1 Doordash | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2020-1942 | 1 Apache | 1 Nifi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext. | |||||
CVE-2019-10212 | 2 Netapp, Redhat | 8 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 5 more | 2024-02-28 | 4.3 MEDIUM | 9.8 CRITICAL |
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. | |||||
CVE-2019-16116 | 1 Enterprisedt | 1 Completeftp Server | 2024-02-28 | 3.5 LOW | 4.3 MEDIUM |
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. | |||||
CVE-2020-7215 | 1 Gallagher | 1 Command Centre | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. | |||||
CVE-2019-17355 | 1 Orbitz | 1 Orbitz | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-17395 | 1 Rapidgator | 1 Rapidgator | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2020-4083 | 1 Hcltech | 1 Connections | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. | |||||
CVE-2020-5225 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. | |||||
CVE-2019-11293 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters. | |||||
CVE-2020-5400 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. | |||||
CVE-2019-3429 | 1 Zte | 1 Zxcloud Goldendata Vap | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information. | |||||
CVE-2013-1771 | 1 Monkey-project | 1 Monkey | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | |||||
CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. |