Total
803 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2928 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | |||||
CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
CVE-2016-10526 | 1 Grunt-gh-pages Project | 1 Grunt-gh-pages | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | |||||
CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | |||||
CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | |||||
CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||||
CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
CVE-2015-8977 | 1 Mybb | 2 Merge System, Mybb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||||
CVE-2015-3243 | 1 Rsyslog | 1 Rsyslog | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | |||||
CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 5.0 MEDIUM | 2.0 LOW |
All versions of unity-scope-gdrive logs search terms to syslog. | |||||
CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | |||||
CVE-2013-6384 | 1 Openstack | 1 Ceilometer | 2024-11-21 | 1.9 LOW | N/A |
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file. | |||||
CVE-2013-1771 | 1 Monkey-project | 1 Monkey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | |||||
CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Moodle before 2.2.2 has users' private files included in course backups | |||||
CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2024-11-21 | 2.1 LOW | N/A |
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
CVE-2001-1556 | 1 Apache | 1 Http Server | 2024-11-20 | 5.0 MEDIUM | N/A |
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | |||||
CVE-2024-52940 | 2024-11-18 | N/A | 7.5 HIGH | ||
AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID. | |||||
CVE-2024-11193 | 2024-11-15 | N/A | 6.5 MEDIUM | ||
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0. | |||||
CVE-2024-52009 | 2024-11-12 | N/A | N/A | ||
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub. When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization. This was reported in #4060 and fixed in #4667 . The fix was included in Atlantis v0.30.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-51528 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |