Total: 799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8719 | 1 Wpsecurityauditlog | 1 Wp Security Audit Log | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google, which allows attackers to possibly find sensitive information. | |||||
CVE-2018-7754 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. | |||||
CVE-2018-7683 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | |||||
CVE-2018-7682 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Micro Focus Solutions Business Manager versions prior to 11.4 allow a user to invoke SBM RESTful services across domains. | |||||
CVE-2018-7433 | 1 Ithemes | 1 Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | |||||
CVE-2018-7204 | 1 Giribaz | 1 File Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. | |||||
CVE-2018-6971 | 1 Vmware | 1 Horizon View Agents | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation. | |||||
CVE-2018-6599 | 1 Orbic | 2 Wonder Rc555l, Wonder Rc555l Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. | |||||
CVE-2018-5693 | 1 Linuxmagic | 1 Magicspam | 2024-11-21 | 2.1 LOW | 3.3 LOW |
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. | |||||
CVE-2018-3828 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials. | |||||
CVE-2018-3827 | 1 Elastic | 1 Azure Repository | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged. | |||||
CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | |||||
CVE-2018-3609 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | |||||
CVE-2018-2440 | 1 Sap | 1 Dynamic Authorization Management | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | |||||
CVE-2018-2372 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication. | |||||
CVE-2018-20956 | 1 Swann | 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. | |||||
CVE-2018-1876 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
IBM Robotic Process Automation with Automation Anywhere 11 could, under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. | |||||
CVE-2018-1788 | 1 Ibm | 1 Spectrum Protect Server | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. | |||||
CVE-2018-1768 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 2.1 LOW | 5.6 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | |||||
CVE-2018-1350 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 2.3 LOW |
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. |