Total: 669 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29550 | 1 Qualys | 1 Cloud Agent | 2024-04-11 | N/A | 5.5 MEDIUM |
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness. | |||||
CVE-2020-11968 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network, and that initiating the forced initial configuration (which has a required step for setting a secure password on the system) makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. | |||||
CVE-2019-19039 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-04-11 | 1.9 LOW | 5.5 MEDIUM |
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issue as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.” | |||||
CVE-2018-18466 | 1 Securenvoy | 1 Securaccess | 2024-04-11 | 1.9 LOW | 7.0 HIGH |
An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alphanumeric passcode) is achievable only when a custom registry key is added to the Windows registry. This action requires administrator access and the registry key is only provided by support staff at SecurEnvoy to troubleshoot customer issues. | |||||
CVE-2024-31298 | | | 2024-04-10 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. | |||||
CVE-2024-31254 | | | 2024-04-10 | N/A | 3.7 LOW |
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | |||||
CVE-2024-31249 | | | 2024-04-10 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | |||||
CVE-2024-31245 | | | 2024-04-10 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. | |||||
CVE-2024-31259 | | | 2024-04-10 | N/A | 7.5 HIGH |
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. | |||||
CVE-2024-31247 | | | 2024-04-10 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | |||||
CVE-2024-29945 | 1 Splunk | 1 Splunk | 2024-04-10 | N/A | 7.2 HIGH |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. | |||||
CVE-2024-23677 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 5.3 MEDIUM |
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | |||||
CVE-2023-46231 | 1 Splunk | 1 Add-on Builder | 2024-04-10 | N/A | 7.2 HIGH |
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | |||||
CVE-2023-46230 | 1 Splunk | 1 Add-on Builder | 2024-04-10 | N/A | 4.9 MEDIUM |
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | |||||
CVE-2024-25030 | | | 2024-04-03 | N/A | 6.2 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677. | |||||
CVE-2024-22352 | 1 Ibm | 1 Infosphere Information Server | 2024-04-01 | N/A | 5.5 MEDIUM |
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. | |||||
CVE-2024-30523 | | | 2024-04-01 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp. This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4. | |||||
CVE-2024-30511 | | | 2024-04-01 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. | |||||
CVE-2024-30514 | | | 2024-04-01 | N/A | 5.3 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On. This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1. | |||||
CVE-2024-25959 | | | 2024-03-28 | N/A | 7.9 HIGH |
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. |