Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5182 | 1 Canonical | 1 Subiquity | 2023-10-11 | N/A | 5.5 MEDIUM |
| Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | |||||
| CVE-2021-32050 | 1 Mongodb | 5 C\+\+, C Driver, Node.js and 2 more | 2023-10-06 | N/A | 7.5 HIGH |
| Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). | |||||
| CVE-2023-3349 | 1 Ayesa | 1 Ibermatica Rps | 2023-10-05 | N/A | 7.5 HIGH |
| Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. | |||||
| CVE-2023-3350 | 1 Ayesa | 1 Ibermatica Rps | 2023-10-05 | N/A | 7.5 HIGH |
| A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | |||||
| CVE-2023-2878 | 1 Kubernetes | 1 Secrets-store-csi-driver | 2023-10-02 | N/A | 5.5 MEDIUM |
| Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | |||||
| CVE-2023-44155 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-09-28 | N/A | 7.5 HIGH |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-22644 | 1 Suse | 1 Manager Server | 2023-09-25 | N/A | 5.5 MEDIUM |
| An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. | |||||
| CVE-2022-27599 | 1 Qnap | 1 Qvr Pro Client | 2023-09-13 | N/A | 4.4 MEDIUM |
| An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later | |||||
| CVE-2023-4688 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-09-06 | N/A | 5.5 MEDIUM |
| Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | |||||
| CVE-2023-39348 | 1 Linuxfoundation | 1 Spinnaker | 2023-09-01 | N/A | 5.3 MEDIUM |
| Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope. | |||||
| CVE-2023-38732 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2023-08-26 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. | |||||
| CVE-2023-38733 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2023-08-26 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. | |||||
| CVE-2023-32491 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2020-24804 | 1 Cms-dev | 1 Cms | 2023-08-17 | N/A | 6.5 MEDIUM |
| Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. | |||||
| CVE-2023-4108 | 1 Mattermost | 1 Mattermost | 2023-08-15 | N/A | 7.5 HIGH |
| Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged | |||||
| CVE-2022-34826 | 1 Couchbase | 1 Couchbase Server | 2023-08-08 | N/A | 5.9 MEDIUM |
| In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. | |||||
| CVE-2021-39715 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel | |||||
| CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | |||||
| CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 4.9 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | |||||
| CVE-2022-27192 | 1 Asseco | 1 Dvs Avilys | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. | |||||