Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29759 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2021-07-15 | 2.1 LOW | 2.3 LOW |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. | |||||
| CVE-2021-0549 | 1 Google | 1 Android | 2021-06-25 | 2.1 LOW | 4.4 MEDIUM |
| In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896 | |||||
| CVE-2021-3039 | 1 Paloaltonetworks | 1 Prisma Cloud | 2021-06-25 | 5.5 MEDIUM | 3.8 LOW |
| An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412. | |||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | |||||
| CVE-2021-25420 | 1 Samsung | 1 Galaxy Watch Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25421 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25422 | 1 Samsung | 1 Watch Active Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25423 | 1 Samsung | 1 Watch Active2 Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. | |||||
| CVE-2021-21558 | 1 Dell | 1 Emc Networker | 2021-06-16 | 2.1 LOW | 4.4 MEDIUM |
| Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. | |||||
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2021-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | |||||
| CVE-2021-3425 | 1 Redhat | 1 Jboss A-mq | 2021-06-11 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable. | |||||
| CVE-2016-9882 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2021-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. | |||||
| CVE-2017-17675 | 1 Bmc | 1 Remedy Mid-tier | 2021-05-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data. | |||||
| CVE-2021-32074 | 1 Hashicorp | 1 Vault-action | 2021-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking. | |||||
| CVE-2021-26908 | 1 Automox | 1 Automox | 2021-05-05 | 2.1 LOW | 3.3 LOW |
| Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | |||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2021-04-30 | 2.1 LOW | 6.2 MEDIUM |
| IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | |||||
| CVE-2021-3036 | 1 Paloaltonetworks | 1 Pan-os | 2021-04-24 | 2.1 LOW | 4.4 MEDIUM |
| An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request. | |||||
| CVE-2021-24024 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2021-04-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files. | |||||
| CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2021-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | |||||
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2021-03-30 | 2.1 LOW | 3.9 LOW |
| Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. | |||||