Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11465 | 1 Couchbase | 1 Couchbase Server | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. | |||||
| CVE-2020-5908 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. | |||||
| CVE-2020-6224 | 1 Sap | 1 Netweaver Application Server Java | 2021-07-21 | 3.5 LOW | 6.2 MEDIUM |
| SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | |||||
| CVE-2020-6295 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | |||||
| CVE-2020-6317 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 2.7 LOW | 3.5 LOW |
| In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. | |||||
| CVE-2020-7654 | 1 Synk | 1 Broker | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | |||||
| CVE-2021-29759 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2021-07-15 | 2.1 LOW | 2.3 LOW |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. | |||||
| CVE-2021-0549 | 1 Google | 1 Android | 2021-06-25 | 2.1 LOW | 4.4 MEDIUM |
| In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896 | |||||
| CVE-2021-3039 | 1 Paloaltonetworks | 1 Prisma Cloud | 2021-06-24 | 5.5 MEDIUM | 3.8 LOW |
| An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412. | |||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | |||||
| CVE-2021-25420 | 1 Samsung | 1 Galaxy Watch Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25421 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25422 | 1 Samsung | 1 Watch Active Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25423 | 1 Samsung | 1 Watch Active2 Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. | |||||
| CVE-2021-21558 | 1 Dell | 1 Emc Networker | 2021-06-15 | 2.1 LOW | 4.4 MEDIUM |
| Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. | |||||
| CVE-2021-22516 | 1 Microfocus | 1 Secure Api Manager | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file. | |||||
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2021-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | |||||
| CVE-2021-3425 | 1 Redhat | 1 Jboss A-mq | 2021-06-11 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable. | |||||
| CVE-2021-20178 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2021-06-03 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-20191 | 2 Oracle, Redhat | 8 Virtualization, Ansible, Ansible Tower and 5 more | 2021-06-03 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. | |||||