Vulnerabilities (CVE)

Filtered by CWE-532
Total 803 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2928 1 Ibm 1 Bigfix Remote Control 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.
CVE-2016-10819 1 Cpanel 1 Cpanel 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
CVE-2016-10526 1 Grunt-gh-pages Project 1 Grunt-gh-pages 2024-11-21 5.0 MEDIUM 8.6 HIGH
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
CVE-2016-0898 1 Vmware 1 Pivotal Software Mysql 2024-11-21 5.0 MEDIUM 10.0 CRITICAL
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
CVE-2016-0879 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
CVE-2016-0875 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
CVE-2016-0296 1 Ibm 1 Bigfix Platform 2024-11-21 2.1 LOW 3.3 LOW
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
CVE-2015-8977 1 Mybb 2 Merge System, Mybb 2024-11-21 5.0 MEDIUM 7.5 HIGH
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
CVE-2015-3243 1 Rsyslog 1 Rsyslog 2024-11-21 2.1 LOW 5.5 MEDIUM
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
CVE-2015-1343 1 Canonical 1 Ubuntu Linux 2024-11-21 5.0 MEDIUM 2.0 LOW
All versions of unity-scope-gdrive logs search terms to syslog.
CVE-2014-3536 1 Redhat 1 Cloudforms Management Engine 2024-11-21 2.1 LOW 5.5 MEDIUM
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2013-6384 1 Openstack 1 Ceilometer 2024-11-21 1.9 LOW N/A
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.
CVE-2013-1771 1 Monkey-project 1 Monkey 2024-11-21 5.0 MEDIUM 7.5 HIGH
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
CVE-2012-1156 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 5.0 MEDIUM 7.5 HIGH
Moodle before 2.2.2 has users' private files included in course backups
CVE-2011-1943 2 Fedoraproject, Gnome 2 Fedora, Networkmanager 2024-11-21 2.1 LOW N/A
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
CVE-2001-1556 1 Apache 1 Http Server 2024-11-20 5.0 MEDIUM N/A
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVE-2024-52940 2024-11-18 N/A 7.5 HIGH
AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.
CVE-2024-11193 2024-11-15 N/A 6.5 MEDIUM
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.
CVE-2024-52009 2024-11-12 N/A N/A
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub. When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization. This was reported in #4060 and fixed in #4667 . The fix was included in Atlantis v0.30.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-51528 1 Huawei 2 Emui, Harmonyos 2024-11-07 N/A 5.5 MEDIUM
Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.