Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-27 | 2.1 LOW | 5.5 MEDIUM |
| Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | |||||
| CVE-2021-22030 | 1 Greenplum | 1 Greenplum | 2021-11-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users | |||||
| CVE-2021-36340 | 1 Dell | 1 Emc Secure Connect Gateway | 2021-11-23 | 2.1 LOW | 5.5 MEDIUM |
| Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. | |||||
| CVE-2021-0148 | 1 Intel | 36 Ssd D-s4510, Ssd D-s4510 Firmware, Ssd D5-p4320 and 33 more | 2021-11-22 | 2.1 LOW | 4.4 MEDIUM |
| Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2021-3791 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2021-11-16 | 3.3 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. | |||||
| CVE-2020-10052 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2021-11-11 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks. | |||||
| CVE-2020-11643 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2021-11-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. | |||||
| CVE-2020-11646 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2021-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | |||||
| CVE-2019-19756 | 1 Lenovo | 1 Xclarity Administrator | 2021-11-02 | 3.6 LOW | 6.0 MEDIUM |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | |||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2021-11-02 | 2.1 LOW | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2019-1961 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2021-10-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. | |||||
| CVE-2019-1953 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2021-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. | |||||
| CVE-2021-20129 | 1 Draytek | 1 Vigorconnect | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | |||||
| CVE-2021-39246 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2021-10-01 | 3.6 LOW | 6.1 MEDIUM |
| Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). | |||||
| CVE-2021-32724 | 1 Check-spelling | 1 Check-spelling | 2021-09-27 | 6.8 MEDIUM | 9.9 CRITICAL |
| check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users may can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you've fixed all branches or Set repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn't a verified creator and it certainly won't be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version. Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml - you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target. | |||||
| CVE-2021-23046 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2021-09-24 | 3.5 LOW | 4.9 MEDIUM |
| On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-32767 | 1 Typo3 | 1 Typo3 | 2021-09-21 | 3.5 LOW | 6.5 MEDIUM |
| TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability. | |||||
| CVE-2020-1987 | 1 Paloaltonetworks | 1 Globalprotect | 2021-09-14 | 2.1 LOW | 3.3 LOW |
| An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. | |||||
| CVE-2021-22929 | 1 Brave | 1 Brave | 2021-09-10 | 3.6 LOW | 6.1 MEDIUM |
| An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. | |||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2021-09-09 | 5.0 MEDIUM | 10.0 CRITICAL |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | |||||