Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15235 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782. | |||||
| CVE-2019-14782 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account. | |||||
| CVE-2022-27636 | 2 F5, Microsoft | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows | 2023-01-24 | 2.1 LOW | 5.5 MEDIUM |
| On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2023-01-06 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | |||||
| CVE-2022-23469 | 1 Traefik | 1 Traefik | 2022-12-12 | N/A | 6.5 MEDIUM |
| Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`. | |||||
| CVE-2022-39897 | 1 Google | 1 Android | 2022-12-09 | N/A | 5.5 MEDIUM |
| Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. | |||||
| CVE-2019-4284 | 1 Ibm | 1 Cloud Private | 2022-12-09 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512. | |||||
| CVE-2019-4008 | 1 Ibm | 1 Api Connect | 2022-12-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | |||||
| CVE-2022-2721 | 1 Octopus | 1 Octopus Server | 2022-11-29 | N/A | 7.5 HIGH |
| In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | |||||
| CVE-2022-43673 | 1 Wire | 1 Wire | 2022-11-23 | N/A | 4.7 MEDIUM |
| Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. | |||||
| CVE-2022-27895 | 1 Palantir | 1 Foundry Build2 | 2022-11-17 | N/A | 7.5 HIGH |
| Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. | |||||
| CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2022-11-17 | N/A | 7.5 HIGH |
| Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | |||||
| CVE-2022-35719 | 1 Ibm | 1 Mq Internet Pass-thru | 2022-11-16 | N/A | 5.5 MEDIUM |
| IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | |||||
| CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2022-11-14 | N/A | 4.2 MEDIUM |
| The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | |||||
| CVE-2022-39893 | 1 Samsung | 1 Galaxy Buds Pro Manage | 2022-11-10 | N/A | 3.3 LOW |
| Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | |||||
| CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 5.5 MEDIUM |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
| CVE-2019-14885 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2022-11-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. | |||||
| CVE-2021-36318 | 1 Dell | 1 Emc Avamar Server | 2022-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. | |||||
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2022-11-03 | N/A | 7.5 HIGH |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | |||||
| CVE-2022-3499 | 1 Tenable | 1 Nessus | 2022-11-01 | N/A | 6.5 MEDIUM |
| An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | |||||