Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-532
Total 493 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18576 1 Dell 1 Xtremio Management Server 2020-03-18 2.1 LOW 6.7 MEDIUM
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.
CVE-2018-1223 1 Pivotal 1 Cloud Foundry Container Runtime 2020-03-09 4.0 MEDIUM 8.8 HIGH
Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.
CVE-2020-4083 1 Hcltech 1 Connections 2020-03-06 2.1 LOW 5.5 MEDIUM
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.
CVE-2018-20105 3 Opensuse, Suse, Yast2-rmt Project 3 Leap, Suse Linux Enterprise Server, Yast2-rmt 2020-02-27 2.1 LOW 5.5 MEDIUM
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
CVE-2020-0018 1 Google 1 Android 2020-02-18 2.1 LOW 4.4 MEDIUM
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
CVE-2019-0380 1 Sap 1 Landscape Management 2020-02-10 4.0 MEDIUM 4.9 MEDIUM
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
CVE-2019-10195 2 Fedoraproject, Freeipa 2 Fedora, Freeipa 2020-02-04 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
CVE-2020-5225 1 Simplesamlphp 1 Simplesamlphp 2020-01-31 5.5 MEDIUM 5.4 MEDIUM
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.
CVE-2019-3429 1 Zte 1 Zxcloud Goldendata Vap 2019-12-30 5.0 MEDIUM 5.3 MEDIUM
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.
CVE-2019-19150 1 F5 1 Big-ip Access Policy Manager 2019-12-30 3.5 LOW 4.9 MEDIUM
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.
CVE-2014-3536 1 Redhat 1 Cloudforms Management Engine 2019-12-19 2.1 LOW 5.5 MEDIUM
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2019-11293 1 Cloudfoundry 2 Cf-deployment, User Account And Authentication 2019-12-12 3.5 LOW 6.5 MEDIUM
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
CVE-2012-1156 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2019-11-22 5.0 MEDIUM 7.5 HIGH
Moodle before 2.2.2 has users' private files included in course backups
CVE-2019-6662 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2019-11-18 4.0 MEDIUM 6.5 MEDIUM
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
CVE-2017-8001 2 Dell, Linux 2 Emc Scaleio, Linux Kernel 2019-11-14 2.1 LOW 8.4 HIGH
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.
CVE-2013-1771 1 Monkey-project 1 Monkey 2019-11-13 5.0 MEDIUM 7.5 HIGH
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
CVE-2019-18385 1 Terra-master 2 Fs-210, Fs-210 Firmware 2019-10-30 5.0 MEDIUM 7.5 HIGH
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
CVE-2018-0504 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2019-10-29 4.0 MEDIUM 6.5 MEDIUM
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
CVE-2019-14858 1 Redhat 2 Ansible Engine, Ansible Tower 2019-10-24 2.1 LOW 5.5 MEDIUM
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
CVE-2019-17394 1 Seesaw 1 Parent And Family 2019-10-17 5.0 MEDIUM 9.8 CRITICAL
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.