Total
762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14864 | 3 Debian, Opensuse, Redhat | 8 Debian Linux, Backports Sle, Leap and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. | |||||
| CVE-2019-10695 | 1 Puppet | 1 Continuous Delivery | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module. | |||||
| CVE-2019-6662 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. | |||||
| CVE-2019-17394 | 1 Seesaw | 1 Parent And Family | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-6656 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. | |||||
| CVE-2019-10195 | 2 Fedoraproject, Freeipa | 2 Fedora, Freeipa | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. | |||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle before 2.2.2 has users' private files included in course backups | |||||
| CVE-2019-17396 | 1 Powerschool | 1 Powerschool Mobile | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2020-0018 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049 | |||||
| CVE-2019-6158 | 1 Lenovo | 1 Xclarity Administrator | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | |||||
| CVE-2018-19513 | 1 Ens | 1 Webgalamb | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | |||||
| CVE-2019-4143 | 1 Ibm | 1 Cloud Private | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348. | |||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | |||||
| CVE-2019-13098 | 2 Google, Tronlink | 2 Android, Wallet | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | |||||
| CVE-2019-4299 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. | |||||
| CVE-2019-9929 | 1 Northern | 1 Cfengine | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. | |||||
| CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of unity-scope-gdrive logs search terms to syslog. | |||||
| CVE-2019-14268 | 1 Octopus | 1 Octopus Deploy | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7. | |||||
| CVE-2019-9976 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
| The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. | |||||
| CVE-2019-11465 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. | |||||