Total
762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-0741 | 1 Microsoft | 1 Java Software Development Kit | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. | |||||
CVE-2019-1953 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. | |||||
CVE-2019-6648 | 2 F5, Redhat | 2 Container Ingress Service, Openshift | 2024-02-28 | 1.9 LOW | 4.4 MEDIUM |
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | |||||
CVE-2019-10194 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization Manager | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts. | |||||
CVE-2019-3716 | 1 Rsa | 1 Archer Grc Platform | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. | |||||
CVE-2019-15294 | 1 Gallagher | 1 Command Centre | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. | |||||
CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | |||||
CVE-2019-6157 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | |||||
CVE-2019-0202 | 1 Apache | 1 Storm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. | |||||
CVE-2019-10358 | 1 Jenkins | 1 Maven | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. | |||||
CVE-2019-10345 | 1 Jenkins | 1 Configuration As Code | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||||
CVE-2019-4296 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | |||||
CVE-2019-9734 | 1 Aquaverde | 1 Aquarius Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. | |||||
CVE-2019-3888 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | |||||
CVE-2019-15507 | 1 Octopus | 1 Server | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | |||||
CVE-2019-11492 | 1 Projectsend | 1 Projectsend | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ProjectSend before r1070 writes user passwords to the server logs. | |||||
CVE-2018-19583 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | |||||
CVE-2019-10165 | 1 Redhat | 1 Openshift Container Platform | 2024-02-28 | 2.1 LOW | 2.3 LOW |
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. | |||||
CVE-2019-11250 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. | |||||
CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. |