Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24566 | 1 Octopus | 1 Octopus Deploy | 2020-09-10 | 4.3 MEDIUM | 7.5 HIGH |
| In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output. | |||||
| CVE-2020-25046 | 1 Google | 1 Android | 2020-09-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020). | |||||
| CVE-2020-14518 | 1 Philips | 1 Dreammapper | 2020-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. | |||||
| CVE-2019-9929 | 1 Northern | 1 Cfengine | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. | |||||
| CVE-2019-9976 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. | |||||
| CVE-2019-11549 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. | |||||
| CVE-2019-3716 | 1 Rsa | 1 Archer Grc Platform | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. | |||||
| CVE-2019-0266 | 1 Sap | 1 Hana Extended Application Services | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | |||||
| CVE-2019-0029 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2018-7754 | 1 Linux | 1 Linux Kernel | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. | |||||
| CVE-2019-3715 | 1 Rsa | 1 Archer Grc Platform | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | |||||
| CVE-2018-15797 | 1 Pivotal Software | 1 Cloud Foundry Nfs Volume | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand. | |||||
| CVE-2018-16095 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. | |||||
| CVE-2019-15294 | 1 Gallagher | 1 Command Centre | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. | |||||
| CVE-2020-6653 | 1 Eaton | 1 Secureconnect | 2020-08-19 | 2.1 LOW | 3.9 LOW |
| Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices. | |||||
| CVE-2020-5414 | 1 Vmware | 2 Operations Manager, Tanzu Application Service For Virtual Machines | 2020-08-04 | 6.0 MEDIUM | 5.7 MEDIUM |
| VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. | |||||
| CVE-2020-11932 | 1 Canonical | 1 Subiquity | 2020-08-03 | 2.1 LOW | 2.3 LOW |
| It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | |||||
| CVE-2020-4405 | 1 Ibm | 1 Verify Gateway | 2020-07-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | |||||
| CVE-2019-18244 | 1 Osisoft | 1 Pi Vision | 2020-07-25 | 1.9 LOW | 4.7 MEDIUM |
| In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue. | |||||
| CVE-2020-3930 | 1 Geovision | 2 Gv-gf192x, Gv-gf192x Firmware | 2020-07-23 | 2.1 LOW | 3.3 LOW |
| GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | |||||