Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24038 | 1 Eram | 6 Myfax150, Myfax150 Firmware, Myfax250 and 3 more | 2021-07-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| myFax version 229 logs sensitive information in the export log module which allows any user to access critical information. | |||||
| CVE-2020-7215 | 1 Gallagher | 1 Command Centre | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. | |||||
| CVE-2020-26416 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||
| CVE-2020-1942 | 1 Apache | 1 Nifi | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext. | |||||
| CVE-2020-7654 | 1 Synk | 1 Broker | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | |||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | |||||
| CVE-2020-15581 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). | |||||
| CVE-2020-6295 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | |||||
| CVE-2020-14470 | 1 Octopus | 1 Octopus Deploy | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | |||||
| CVE-2020-13830 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). | |||||
| CVE-2020-11605 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020). | |||||
| CVE-2020-10752 | 1 Redhat | 1 Openshift Container Platform | 2021-07-21 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. | |||||
| CVE-2020-5908 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. | |||||
| CVE-2020-6224 | 1 Sap | 1 Netweaver Application Server Java | 2021-07-21 | 3.5 LOW | 6.2 MEDIUM |
| SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | |||||
| CVE-2020-4498 | 1 Ibm | 1 Mq Appliance | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. | |||||
| CVE-2019-4286 | 1 Ibm | 1 Maximo Anywhere | 2021-07-21 | 2.1 LOW | 4.3 MEDIUM |
| IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. | |||||
| CVE-2019-3649 | 1 Mcafee | 1 Advanced Threat Defense | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | |||||
| CVE-2019-20852 | 1 Mattermost | 1 Mattermost Mobile | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | |||||
| CVE-2019-20625 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). | |||||
| CVE-2019-16528 | 1 Mediawiki | 1 Abusefilter | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | |||||