Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-117
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14854 1 Redhat 1 Openshift Container Platform 2023-02-12 4.0 MEDIUM 6.5 MEDIUM
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
CVE-2019-10213 1 Redhat 2 Enterprise Linux, Openshift Container Platform 2023-02-12 4.0 MEDIUM 6.5 MEDIUM
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
CVE-2018-10932 1 Intel 1 Lldptool 2023-02-12 3.3 LOW 4.3 MEDIUM
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
CVE-2022-4011 1 Simple History Project 1 Simple History 2022-11-18 N/A 9.8 CRITICAL
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability.
CVE-2022-1522 1 Cognex 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware 2022-09-12 N/A 5.3 MEDIUM
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics.
CVE-2019-14864 3 Debian, Opensuse, Redhat 8 Debian Linux, Backports Sle, Leap and 5 more 2022-04-22 4.0 MEDIUM 6.5 MEDIUM
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVE-2019-14846 3 Debian, Opensuse, Redhat 6 Debian Linux, Backports Sle, Leap and 3 more 2022-04-22 2.1 LOW 7.8 HIGH
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
CVE-2020-14332 2 Debian, Redhat 2 Debian Linux, Ansible Engine 2022-04-05 2.1 LOW 5.5 MEDIUM
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
CVE-2020-4072 1 Jhipster 1 Generator-jhipster-kotlin 2020-07-10 5.0 MEDIUM 5.3 MEDIUM
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.