Total
678 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0029 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2018-16859 | 1 Redhat | 1 Ansible Engine | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. | |||||
| CVE-2017-15113 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2023-12-10 | 3.5 LOW | 6.6 MEDIUM |
| ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. | |||||
| CVE-2018-1264 | 1 Pivotal Software | 1 Cloud Foundry Log Cache | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation. | |||||
| CVE-2019-0266 | 1 Sap | 1 Hana Extended Application Services | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | |||||
| CVE-2018-19863 | 1 Agilebits | 1 1password | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari. | |||||
| CVE-2019-8944 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. | |||||
| CVE-2019-0004 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2018-11717 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc. | |||||
| CVE-2018-1768 | 1 Ibm | 1 Spectrum Protect Plus | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | |||||
| CVE-2019-4008 | 1 Ibm | 1 Api Connect | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | |||||
| CVE-2018-16889 | 1 Redhat | 1 Ceph | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | |||||
| CVE-2018-16095 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. | |||||
| CVE-2018-19865 | 2 Opensuse, Qt | 2 Leap, Qt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | |||||
| CVE-2018-7754 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. | |||||
| CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
| HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | |||||
| CVE-2018-17447 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | |||||
| CVE-2018-15001 | 1 Vivo | 2 V7, V7 Firmware | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files. | |||||
| CVE-2018-16049 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. | |||||