Vulnerabilities (CVE)

Filtered by CWE-532
Total 799 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-21933 1 Motorola 2 Cx2, Cx2 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package.
CVE-2021-22516 1 Microfocus 1 Secure Api Manager 2024-02-28 5.0 MEDIUM 7.5 HIGH
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
CVE-2021-28131 1 Apache 1 Impala 2024-02-28 6.0 MEDIUM 7.5 HIGH
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: If an Impala deployment uses Apache Sentry, Apache Ranger or audit logging, then users should upgrade to a version of Impala with the fix for IMPALA-10600. The Impala 4.0 release includes this fix. This hides session secrets from the logs to eliminate the risk of any attack using this mechanism. In lieu of an upgrade, restricting access to logs that expose secrets will reduce the risk of an attack. Restricting access to the Impala deployment to trusted users will also reduce the risk of an attack. Log redaction techniques can be used to redact secrets from the logs.
CVE-2021-27019 1 Puppet 2 Puppet Enterprise, Puppetdb 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
PuppetDB logging included potentially sensitive system information.
CVE-2021-22219 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
CVE-2021-32801 1 Nextcloud 1 Nextcloud Server 2024-02-28 2.1 LOW 5.5 MEDIUM
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.
CVE-2021-32767 1 Typo3 1 Typo3 2024-02-28 3.5 LOW 6.5 MEDIUM
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
CVE-2021-22024 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2024-02-28 5.0 MEDIUM 7.5 HIGH
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
CVE-2021-39291 1 Netmodule 16 Nb1600, Nb1601, Nb1800 and 13 more 2024-02-28 6.5 MEDIUM 8.8 HIGH
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-21601 1 Dell 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance 2024-02-28 2.1 LOW 7.8 HIGH
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
CVE-2021-21546 1 Dell 1 Emc Networker 2024-02-28 2.1 LOW 5.5 MEDIUM
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.
CVE-2021-21558 1 Dell 1 Emc Networker 2024-02-28 2.1 LOW 4.4 MEDIUM
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.
CVE-2021-35299 1 Zammad 1 Zammad 2024-02-28 5.0 MEDIUM 7.5 HIGH
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
CVE-2021-29759 1 Ibm 1 App Connect Enterprise Certified Container 2024-02-28 2.1 LOW 2.3 LOW
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.
CVE-2021-22929 1 Brave 1 Brave 2024-02-28 3.6 LOW 6.1 MEDIUM
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.
CVE-2021-25421 1 Samsung 1 Galaxy Watch 3 Plugin 2024-02-28 2.1 LOW 5.5 MEDIUM
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-27022 1 Puppet 2 Puppet, Puppet Enterprise 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
CVE-2021-3425 1 Redhat 1 Jboss A-mq 2024-02-28 2.1 LOW 4.4 MEDIUM
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
CVE-2021-26999 1 Netapp 1 Cloud Manager 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
CVE-2021-20178 2 Fedoraproject, Redhat 3 Fedora, Ansible, Ansible Tower 2024-02-28 2.1 LOW 5.5 MEDIUM
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.