Total
669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31426 | 1 Broadcom | 1 Fabric Operating System | 2024-02-15 | N/A | 6.5 MEDIUM |
| The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | |||||
| CVE-2023-47131 | 4 Google, Microsoft, Mozilla and 1 more | 4 Chrome, Edge, Firefox and 1 more | 2024-02-15 | N/A | 7.5 HIGH |
| The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | |||||
| CVE-2024-23448 | 1 Elastic | 1 Apm Server | 2024-02-15 | N/A | 7.5 HIGH |
| An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. | |||||
| CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2024-02-15 | N/A | 6.8 MEDIUM |
| Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | |||||
| CVE-2024-23760 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 2.7 LOW |
| Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | |||||
| CVE-2017-5137 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2024-02-14 | 5.0 MEDIUM | 6.2 MEDIUM |
| An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||||
| CVE-2024-0935 | 1 3ds | 1 Delmia Apriso | 2024-02-09 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024 | |||||
| CVE-2024-24939 | 1 Jetbrains | 1 Rider | 2024-02-09 | N/A | 5.3 MEDIUM |
| In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | |||||
| CVE-2023-52143 | 1 Noorsplugin | 1 Wp Stripe Checkout | 2024-02-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. | |||||
| CVE-2023-51508 | 1 Meowapps | 1 Database Cleaner | 2024-02-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. | |||||
| CVE-2023-51490 | 1 Wpmudev | 1 Defender Security | 2024-02-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | |||||
| CVE-2023-51408 | 1 Studiowombat | 1 Wp Optin Wheel | 2024-02-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3. | |||||
| CVE-2023-52146 | 1 Ajexperience | 1 404 Solution | 2024-02-06 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0. | |||||
| CVE-2024-23840 | 1 Goreleaser | 1 Goreleaser | 2024-02-05 | N/A | 5.5 MEDIUM |
| GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0. | |||||
| CVE-2023-43261 | 1 Milesight | 12 Ur32, Ur32 Firmware, Ur32l and 9 more | 2024-02-05 | N/A | 7.5 HIGH |
| An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | |||||
| CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-02-04 | N/A | 5.3 MEDIUM |
| An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | |||||
| CVE-2024-23791 | 1 Otrs | 1 Otrs | 2024-02-02 | N/A | 7.5 HIGH |
| Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. | |||||
| CVE-2023-51702 | 1 Apache | 2 Airflow, Airflow Cncf Kubernetes | 2024-01-30 | N/A | 6.5 MEDIUM |
| Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | |||||
| CVE-2024-23686 | 1 Owasp | 1 Dependency-check | 2024-01-26 | N/A | 5.3 MEDIUM |
| DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | |||||
| CVE-2023-20207 | 1 Duo | 1 Authentication Proxy | 2024-01-25 | N/A | 6.5 MEDIUM |
| A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text. | |||||