Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-532
Total 493 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1075 1 Ovirt 1 Ovirt 2023-02-12 2.1 LOW 7.8 HIGH
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
CVE-2018-16889 1 Redhat 1 Ceph 2023-02-12 5.0 MEDIUM 7.5 HIGH
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
CVE-2017-7550 1 Redhat 2 Ansible, Enterprise Linux Server 2023-02-12 5.0 MEDIUM 9.8 CRITICAL
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
CVE-2016-5432 1 Redhat 2 Enterprise Linux, Enterprise Virtualization 2023-02-12 2.1 LOW 3.3 LOW
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
CVE-2016-4443 1 Redhat 1 Enterprise Virtualization 2023-02-12 2.1 LOW 5.5 MEDIUM
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
CVE-2020-10712 1 Redhat 1 Openshift Container Platform 2023-02-12 6.4 MEDIUM 8.2 HIGH
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.
CVE-2021-36544 1 Tpcms Project 1 Tpcms 2023-02-09 N/A 7.5 HIGH
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
CVE-2023-22574 1 Dell 1 Emc Powerscale Onefs 2023-02-08 N/A 8.1 HIGH
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service.
CVE-2023-22573 1 Dell 1 Emc Powerscale Onefs 2023-02-08 N/A 5.5 MEDIUM
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.
CVE-2023-22575 1 Dell 1 Emc Powerscale Onefs 2023-02-08 N/A 8.8 HIGH
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.
CVE-2023-22572 1 Dell 1 Emc Powerscale Onefs 2023-02-08 N/A 7.8 HIGH
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.
CVE-2019-4296 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2023-02-03 2.1 LOW 3.3 LOW
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.
CVE-2019-6648 2 F5, Redhat 2 Container Ingress Service, Openshift 2023-02-03 1.9 LOW 4.4 MEDIUM
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
CVE-2019-4225 1 Ibm 1 Pureapplication System 2023-02-03 2.1 LOW 4.4 MEDIUM
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
CVE-2022-20458 1 Google 1 Android 2023-02-01 N/A 5.5 MEDIUM
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776
CVE-2019-4299 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2023-01-31 1.9 LOW 5.5 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.
CVE-2019-10695 1 Puppet 1 Continuous Delivery 2023-01-27 4.0 MEDIUM 6.5 MEDIUM
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.
CVE-2021-39011 2 Ibm, Linux 2 Cloud Pak For Security, Linux Kernel 2023-01-27 N/A 4.9 MEDIUM
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.
CVE-2023-22733 1 Shopware 1 Shopware 2023-01-25 N/A 6.5 MEDIUM
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove from all users the log module ACL rights or disable logging.
CVE-2019-14782 1 Control-webpanel 1 Webpanel 2023-01-24 4.0 MEDIUM 6.5 MEDIUM
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.