Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38067 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log | |||||
| CVE-2023-38064 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log | |||||
| CVE-2023-37224 | 1 Archerirm | 1 Archer | 2024-11-21 | N/A | 6.0 MEDIUM |
| An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. | |||||
| CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 7.5 HIGH |
| A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | |||||
| CVE-2023-34223 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases | |||||
| CVE-2023-34097 | 1 Hoppscotch | 1 Hoppscotch | 2024-11-21 | N/A | 7.8 HIGH |
| hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32491 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-32478 | 1 Dell | 1 Powerstoreos | 2024-11-21 | N/A | 9.0 CRITICAL |
| Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. | |||||
| CVE-2023-32468 | 1 Dell | 1 Ecs Streamer | 2024-11-21 | N/A | 5.8 MEDIUM |
| Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data. | |||||
| CVE-2023-32455 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2023-32447 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2023-32446 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2023-32392 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-32283 | 1 Intel | 1 On Demand | 2024-11-21 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-31426 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A | 6.8 MEDIUM |
| The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | |||||
| CVE-2023-31422 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A | 9.0 CRITICAL |
| An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users. | |||||
| CVE-2023-30721 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
| Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. | |||||
| CVE-2023-30618 | 1 Kitchen-terraform Project | 1 Kitchen-terraform | 2024-11-21 | N/A | 3.2 LOW |
| Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-30430 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. | |||||
| CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 6.7 MEDIUM |
| Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | |||||