Total: 762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1622 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device. | |||||
CVE-2019-10370 | 1 Jenkins | 1 Mask Passwords | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. | |||||
CVE-2019-3830 | 2 Openstack, Redhat | 2 Ceilometer, Openstack | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | |||||
CVE-2018-16856 | 2 Openstack, Redhat | 2 Octavia, Openstack | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. | |||||
CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | |||||
CVE-2019-4225 | 1 Ibm | 1 Pureapplication System | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. | |||||
CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | |||||
CVE-2019-13515 | 1 Osisoft | 1 Pi Web Api | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | |||||
CVE-2019-13509 | 1 Docker | 1 Docker | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. | |||||
CVE-2019-9724 | 1 Aquaverde | 1 Aquarius Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. | |||||
CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
CVE-2019-10364 | 1 Jenkins | 1 Ec2 | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. | |||||
CVE-2019-11273 | 1 Pivotal Software | 1 Pivotal Container Service | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contain a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information. | |||||
CVE-2019-3763 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. | |||||
CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | |||||
CVE-2019-11549 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. | |||||
CVE-2019-7612 | 2 Elastic, Netapp | 2 Logstash, Active Iq Performance Analytics Services | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | |||||
CVE-2019-5532 | 1 Vmware | 1 Vcenter Server | 2024-02-28 | 4.0 MEDIUM | 7.7 HIGH |
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | |||||
CVE-2018-20956 | 1 Swann | 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. | |||||
CVE-2019-10367 | 1 Jenkins | 1 Configuration As Code | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. |