Total
1034 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22869 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 5.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. | ||||
| CVE-2023-20885 | 1 Pivotal | 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume | 2024-12-16 | 6.5 Medium |
| Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | ||||
| CVE-2024-42407 | 2024-12-12 | 8.5 High | ||
| Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior. | ||||
| CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 6.7 Medium |
| Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | ||||
| CVE-2023-32392 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information. | ||||
| CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2024-12-05 | 7.5 High |
| A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | ||||
| CVE-2024-28830 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 2.7 Low |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. | ||||
| CVE-2024-22335 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-04 | 5.1 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. | ||||
| CVE-2024-22336 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-04 | 5.1 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. | ||||
| CVE-2024-22337 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-03 | 5.1 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. | ||||
| CVE-2023-50951 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-03 | 4 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. | ||||
| CVE-2024-38862 | 1 Checkmk | 1 Checkmk | 2024-12-03 | 4.4 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | ||||
| CVE-2023-4677 | 1 Artica | 1 Pandora Fms | 2024-12-02 | 7 High |
| Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772. | ||||
| CVE-2023-49922 | 1 Elastic | 1 Elastic Beats | 2024-12-02 | 6.8 Medium |
| An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. | ||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-11-29 | N/A |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | ||||
| CVE-2024-52940 | 1 Anydesk | 1 Anydesk | 2024-11-23 | 7.5 High |
| AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID. | ||||
| CVE-2024-6687 | 1 Thisfunctional | 1 Ctt Expresso Para Woocommerce | 2024-11-23 | 5.3 Medium |
| The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses | ||||
| CVE-2019-1953 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. | ||||
| CVE-2019-1961 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-11-21 | 4.9 Medium |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. | ||||
| CVE-2024-11165 | 2024-11-21 | N/A | ||
| An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The leakage occurs during the backup procedure, leading to potential unauthorized access to resources associated with the SAS token. This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0. | ||||