Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22447 | 1 Intel | 1 Open Cache Acceleration Software | 2024-11-21 | N/A | 2.0 LOW |
| Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-21435 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
| Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. | |||||
| CVE-2023-21387 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
| In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20891 | 1 Vmware | 2 Isolation Segment, Tanzu Application Service For Virtual Machines | 2024-11-21 | N/A | 6.5 MEDIUM |
| The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | |||||
| CVE-2023-20859 | 1 Vmware | 3 Spring Cloud Config, Spring Cloud Vault, Spring Vault | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | |||||
| CVE-2023-20207 | 1 Duo | 1 Authentication Proxy | 2024-11-21 | N/A | 4.9 MEDIUM |
| A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text. | |||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A | 4.2 MEDIUM |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | |||||
| CVE-2023-1786 | 2 Canonical, Fedoraproject | 3 Cloud-init, Ubuntu Linux, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | |||||
| CVE-2023-1550 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | |||||
| CVE-2023-0815 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | N/A | 6.8 MEDIUM |
| Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | |||||
| CVE-2023-0436 | 1 Mongodb | 1 Atlas Kubernetes Operator | 2024-11-21 | N/A | 4.5 MEDIUM |
| The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration: DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 ) | |||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 4.4 MEDIUM |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | |||||
| CVE-2022-4311 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | N/A | 4.7 MEDIUM |
| An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources. | |||||
| CVE-2022-48435 | 1 Jetbrains | 1 Phpstorm | 2024-11-21 | N/A | 3.3 LOW |
| In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file | |||||
| CVE-2022-48319 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. | |||||
| CVE-2022-46647 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 2.2 LOW |
| Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | |||||
| CVE-2022-44587 | 1 Melapress | 1 Wp 2fa | 2024-11-21 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3. | |||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | N/A | 4.3 MEDIUM |
| An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | |||||