Total
493 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17355 | 1 Orbitz | 1 Orbitz | 2019-10-17 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-17396 | 1 Powerschool | 1 Powerschool Mobile | 2019-10-17 | 5.0 MEDIUM | 9.8 CRITICAL |
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-17395 | 1 Rapidgator | 1 Rapidgator | 2019-10-17 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-17398 | 1 Darkhorse | 1 Dark Horse Comics | 2019-10-17 | 5.0 MEDIUM | 9.8 CRITICAL |
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-4572 | 1 Ibm | 1 Filenet Content Manager | 2019-10-16 | 2.1 LOW | 4.4 MEDIUM |
IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. | |||||
CVE-2019-17397 | 1 Doordash | 1 Doordash | 2019-10-15 | 5.0 MEDIUM | 9.8 CRITICAL |
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
CVE-2019-6157 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | |||||
CVE-2019-6158 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | |||||
CVE-2019-5634 | 1 Belwith-keeler | 1 Hickory Smart | 2019-10-09 | 2.1 LOW | 4.3 MEDIUM |
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | |||||
CVE-2019-13515 | 1 Osisoft | 1 Pi Web Api | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | |||||
CVE-2019-0021 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4. | |||||
CVE-2019-0202 | 1 Apache | 1 Storm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. | |||||
CVE-2018-3609 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | |||||
CVE-2018-3828 | 1 Elastic | 1 Elastic Cloud Enterprise | 2019-10-09 | 3.5 LOW | 7.5 HIGH |
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials. | |||||
CVE-2018-1876 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. | |||||
CVE-2018-1788 | 1 Ibm | 1 Spectrum Protect Server | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. | |||||
CVE-2018-1768 | 1 Ibm | 1 Spectrum Protect Plus | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | |||||
CVE-2018-1241 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. | |||||
CVE-2018-1072 | 2 Ovirt, Redhat | 2 Ovirt, Enterprise Virtualization Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | |||||
CVE-2018-1350 | 1 Netiq | 1 Identity Manager | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. |