Total
678 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4443 | 1 Redhat | 1 Enterprise Virtualization | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | |||||
| CVE-2016-8346 | 1 Moxa | 3 Edr-810, Edr-810-vpn, Edr-810 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | |||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||||
| CVE-2017-8074 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | |||||
| CVE-2017-5153 | 1 Osisoft | 2 Pi Coresight, Pi Web Api | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. | |||||
| CVE-2016-8912 | 1 Ibm | 1 Kenexa Lms On Cloud | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. | |||||
| CVE-2017-7214 | 1 Openstack | 1 Nova | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. | |||||
| CVE-2016-5967 | 1 Ibm | 1 Rational Asset Analyzer | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. | |||||
| CVE-2016-6799 | 1 Apache | 1 Cordova | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | |||||
| CVE-2017-5549 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||||
| CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | |||||
| CVE-2016-5432 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | |||||
| CVE-2013-6384 | 1 Openstack | 1 Ceilometer | 2023-12-10 | 1.9 LOW | N/A |
| (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file. | |||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2023-12-10 | 2.1 LOW | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2001-1556 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | |||||