Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22516 | 1 Microfocus | 1 Secure Api Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file. | |||||
| CVE-2021-22310 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10. | |||||
| CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
| All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | |||||
| CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | |||||
| CVE-2021-22143 | 1 Elastic | 1 Apm .net Agent | 2024-11-21 | N/A | 2.1 LOW |
| The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent. | |||||
| CVE-2021-22133 | 1 Elastic | 1 Apm Agent | 2024-11-21 | 2.7 LOW | 2.4 LOW |
| The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent. | |||||
| CVE-2021-22030 | 1 Greenplum | 1 Greenplum | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users | |||||
| CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | |||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | |||||
| CVE-2021-21601 | 1 Dell | 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance | 2024-11-21 | 2.1 LOW | 8.8 HIGH |
| Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | |||||
| CVE-2021-21598 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files. | |||||
| CVE-2021-21597 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
| Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | |||||
| CVE-2021-21558 | 1 Dell | 1 Emc Networker | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
| Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. | |||||
| CVE-2021-21546 | 1 Dell | 1 Emc Networker | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files. | |||||
| CVE-2021-21361 | 1 Vagrant Project | 1 Vagrant | 2024-11-21 | 3.3 LOW | 5.3 MEDIUM |
| The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0. | |||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | |||||
| CVE-2021-20359 | 1 Ibm | 1 Cloud Pak For Automation | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966. | |||||
| CVE-2021-20191 | 2 Oracle, Redhat | 8 Virtualization, Ansible, Ansible Tower and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. | |||||
| CVE-2021-20180 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | |||||