Total
758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | |||||
CVE-2021-39900 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 2.7 LOW |
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | |||||
CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | |||||
CVE-2022-31098 | 1 Weave | 1 Weave Gitops | 2022-07-11 | 4.3 MEDIUM | 7.5 HIGH |
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability. | |||||
CVE-2021-45034 | 1 Siemens | 8 Cp-8000 Master Module With I/o -25/+70, Cp-8000 Master Module With I/o -25/+70 Firmware, Cp-8000 Master Module With I/o -40/+70 and 5 more | 2022-07-01 | 4.3 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | |||||
CVE-2021-26999 | 1 Netapp | 1 Cloud Manager | 2022-06-28 | 4.0 MEDIUM | 4.3 MEDIUM |
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | |||||
CVE-2021-31546 | 1 Mediawiki | 1 Mediawiki | 2022-06-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data. | |||||
CVE-2021-37036 | 1 Huawei | 3 Ecns280 Td, Ecns280 Td Firmware, Fusioncompute | 2022-06-28 | 2.1 LOW | 5.5 MEDIUM |
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, an attacker can obtain the information when a user logs in to the device. A successful exploit may cause an information leak. | |||||
CVE-2021-3167 | 1 Cloudera | 1 Data Engineering | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. | |||||
CVE-2021-26998 | 1 Netapp | 1 Cloud Manager | 2022-06-28 | 4.0 MEDIUM | 4.3 MEDIUM |
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | |||||
CVE-2022-32565 | 1 Couchbase | 1 Couchbase Server | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | |||||
CVE-2022-32193 | 1 Couchbase | 1 Couchbase Server | 2022-06-22 | 3.5 LOW | 6.5 MEDIUM |
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | |||||
CVE-2021-43271 | 1 Riverbed | 1 Appresponse | 2022-06-15 | 7.1 HIGH | 6.8 MEDIUM |
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) | |||||
CVE-2022-30742 | 1 Samsung | 1 Find My Mobile | 2022-06-13 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get SIM card information through device log. | |||||
CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2022-06-13 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get SIM card information through device log. | |||||
CVE-2022-30733 | 1 Samsung | 1 Account | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user's email or phone number without permission. | |||||
CVE-2022-29928 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.0 MEDIUM | 4.9 MEDIUM |
In JetBrains TeamCity before 2022.04, a leak of secrets in TeamCity agent logs was possible. | |||||
CVE-2022-28161 | 1 Brocade | 1 Sannav | 2022-05-17 | 1.9 LOW | 5.5 MEDIUM |
An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. | |||||
CVE-2022-28859 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2022-27888 | 1 Palantir | 1 Foundry Issues | 2022-05-05 | 2.1 LOW | 5.5 MEDIUM |
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. |