Total
915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34550 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17. | |||||
| CVE-2024-34527 | 2024-11-21 | N/A | 7.5 HIGH | ||
| spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. | |||||
| CVE-2024-34353 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available. | |||||
| CVE-2024-33922 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | |||||
| CVE-2024-33637 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1. | |||||
| CVE-2024-32953 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |||||
| CVE-2024-32825 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in Patrick Posner Simply Static.This issue affects Simply Static: from n/a through 3.1.3. | |||||
| CVE-2024-32811 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4. | |||||
| CVE-2024-32796 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. | |||||
| CVE-2024-32788 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. | |||||
| CVE-2024-32757 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Under certain circumstances unnecessary user details are provided within system logs | |||||
| CVE-2024-32686 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3. | |||||
| CVE-2024-32513 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. | |||||
| CVE-2024-32051 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information. | |||||
| CVE-2024-31353 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||||
| CVE-2024-31216 | 2024-11-21 | N/A | 5.1 MEDIUM | ||
| The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity. | |||||
| CVE-2024-30523 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4. | |||||
| CVE-2024-30514 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1. | |||||
| CVE-2024-30511 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. | |||||
| CVE-2024-2877 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. | |||||