Vulnerabilities (CVE)

Filtered by CWE-532
Total 796 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8001 2 Dell, Linux 2 Emc Scaleio, Linux Kernel 2024-02-28 2.1 LOW 8.4 HIGH
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.
CVE-2015-3243 1 Rsyslog 1 Rsyslog 2024-02-28 2.1 LOW 5.5 MEDIUM
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
CVE-2017-6709 1 Cisco 1 Ultra Services Framework 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.
CVE-2017-9615 1 Cognito 1 Moneyworks 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
CVE-2017-15572 2 Debian, Redmine 2 Debian Linux, Redmine 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
CVE-2017-16946 1 Misp 1 Misp 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
CVE-2017-6139 1 F5 1 Big-ip Access Policy Manager 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
CVE-2017-4955 1 Pivotal Software 1 Cloud Foundry Elastic Runtime 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
CVE-2017-11134 1 Stashcat 1 Heinekingmedia 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
CVE-2017-6165 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.
CVE-2017-7550 1 Redhat 2 Ansible, Enterprise Linux Server 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
CVE-2016-9985 1 Ibm 1 Cognos Business Intelligence 2024-02-28 2.1 LOW 5.5 MEDIUM
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.
CVE-2017-8075 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2017-5153 1 Osisoft 2 Pi Coresight, Pi Web Api 2024-02-28 2.1 LOW 7.8 HIGH
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.
CVE-2016-0296 1 Ibm 1 Bigfix Platform 2024-02-28 2.1 LOW 3.3 LOW
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
CVE-2016-6799 1 Apache 1 Cordova 2024-02-28 5.0 MEDIUM 7.5 HIGH
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
CVE-2016-8912 1 Ibm 1 Kenexa Lms On Cloud 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
CVE-2017-5137 1 Sendquick 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more 2024-02-28 5.0 MEDIUM 6.2 MEDIUM
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.
CVE-2017-8074 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2016-8233 1 Lenovo 1 Xclarity Administrator 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.