Total
669 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5693 | 1 Linuxmagic | 1 Magicspam | 2023-12-10 | 2.1 LOW | 3.3 LOW |
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. | |||||
CVE-2017-11134 | 1 Stashcat | 1 Heinekingmedia | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them. | |||||
CVE-2017-6165 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. | |||||
CVE-2017-1727 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | |||||
CVE-2017-6139 | 1 F5 | 1 Big-ip Access Policy Manager | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. | |||||
CVE-2016-2943 | 1 Ibm | 1 Bigfix Remote Control | 2023-12-10 | 1.9 LOW | 1.9 LOW |
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. | |||||
CVE-2015-8977 | 1 Mybb | 2 Merge System, Mybb | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||||
CVE-2016-9882 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. | |||||
CVE-2016-2928 | 1 Ibm | 1 Bigfix Remote Control | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | |||||
CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
CVE-2016-9344 | 1 Moxa | 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. | |||||
CVE-2016-4443 | 1 Redhat | 1 Enterprise Virtualization | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | |||||
CVE-2016-8346 | 1 Moxa | 3 Edr-810, Edr-810-vpn, Edr-810 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | |||||
CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||||
CVE-2017-8074 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | |||||
CVE-2017-5153 | 1 Osisoft | 2 Pi Coresight, Pi Web Api | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. | |||||
CVE-2016-8912 | 1 Ibm | 1 Kenexa Lms On Cloud | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. | |||||
CVE-2017-7214 | 1 Openstack | 1 Nova | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. |