Total
493 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14330 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2022-11-10 | 2.1 LOW | 5.5 MEDIUM |
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2022-39893 | 1 Samsung | 1 Galaxy Buds Pro Manage | 2022-11-10 | N/A | 3.3 LOW |
Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | |||||
CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 5.5 MEDIUM |
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
CVE-2019-14885 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2022-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. | |||||
CVE-2022-33878 | 1 Fortinet | 1 Forticlient | 2022-11-04 | N/A | 5.5 MEDIUM |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal. | |||||
CVE-2021-44862 | 1 Netskope | 1 Netskope | 2022-11-04 | N/A | 7.8 HIGH |
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. | |||||
CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2022-11-03 | N/A | 7.5 HIGH |
In JetBrains TeamCity versions before 2022.10, password parameters could be exposed in the build log if they contained special characters. | |||||
CVE-2022-3499 | 1 Tenable | 1 Nessus | 2022-11-01 | N/A | 6.5 MEDIUM |
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | |||||
CVE-2021-3528 | 1 Redhat | 1 Noobaa-operator | 2022-10-27 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. | |||||
CVE-2022-28774 | 1 Sap | 1 Host Agent | 2022-10-26 | 1.9 LOW | 5.5 MEDIUM |
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | |||||
CVE-2021-3037 | 1 Paloaltonetworks | 1 Pan-os | 2022-10-25 | 2.1 LOW | 2.3 LOW |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. | |||||
CVE-2022-31239 | 1 Dell | 1 Emc Powerscale Onefs | 2022-10-24 | N/A | 4.4 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. | |||||
CVE-2022-3293 | 1 Gitlab | 1 Gitlab | 2022-10-20 | N/A | 4.3 MEDIUM |
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | |||||
CVE-2022-39876 | 1 Samsung | 1 Reminder | 2022-10-11 | N/A | 3.3 LOW |
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | |||||
CVE-2022-39874 | 1 Samsung | 1 Account | 2022-10-11 | N/A | 5.5 MEDIUM |
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform unauthorized logout. | |||||
CVE-2021-36278 | 1 Dell | 1 Emc Powerscale Onefs | 2022-10-06 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. | |||||
CVE-2022-29810 | 1 Hashicorp | 1 Go-getter | 2022-10-06 | 2.1 LOW | 5.5 MEDIUM |
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | |||||
CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2022-09-30 | N/A | 7.5 HIGH |
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | |||||
CVE-2022-23716 | 1 Elastic | 1 Elastic Cloud Enterprise | 2022-09-30 | N/A | 5.3 MEDIUM |
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | |||||
CVE-2021-32801 | 1 Nextcloud | 1 Nextcloud Server | 2022-09-27 | 2.1 LOW | 5.5 MEDIUM |
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option, users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. |