Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38067 | 1 Jetbrains | 1 Teamcity | 2023-07-20 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log | |||||
| CVE-2023-38064 | 1 Jetbrains | 1 Teamcity | 2023-07-20 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log | |||||
| CVE-2022-27549 | 1 Hcltechsw | 1 Hcl Launch | 2023-07-18 | 2.1 LOW | 5.5 MEDIUM |
| HCL Launch may store certain data for recurring activities in a plain text format. | |||||
| CVE-2022-25828 | 1 Samsung | 1 Watch Active Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25827 | 1 Samsung | 1 Galaxy Watch Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25826 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25823 | 1 Samsung | 1 Galaxy Watch Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. | |||||
| CVE-2022-25830 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25829 | 1 Samsung | 1 Watch Active2 Plugin | 2023-07-10 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2023-06-30 | N/A | 3.5 LOW |
| Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | |||||
| CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2023-06-30 | N/A | 7.5 HIGH |
| A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | |||||
| CVE-2023-20885 | 1 Pivotal | 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume | 2023-06-30 | N/A | 6.5 MEDIUM |
| Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | |||||
| CVE-2022-26907 | 1 Microsoft | 1 Azure Sdk For .net | 2023-06-29 | 4.0 MEDIUM | 5.3 MEDIUM |
| Azure SDK for .NET Information Disclosure Vulnerability | |||||
| CVE-2023-34097 | 1 Hoppscotch | 1 Hoppscotch | 2023-06-13 | N/A | 8.8 HIGH |
| hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28351 | 2 Faronics, Microsoft | 2 Insight, Windows | 2023-06-13 | N/A | 3.3 LOW |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim. | |||||
| CVE-2023-34223 | 1 Jetbrains | 1 Teamcity | 2023-06-02 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases | |||||
| CVE-2022-0010 | 1 Abb | 5 Platform Engineering Tools, Qcs 800xa, Qcs 800xa Firmware and 2 more | 2023-06-01 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | |||||
| CVE-2023-33001 | 1 Jenkins | 1 Hashicorp Vault | 2023-05-25 | N/A | 7.5 HIGH |
| Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2023-05-22 | N/A | 7.5 HIGH |
| Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | |||||
| CVE-2023-1550 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2023-05-11 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | |||||