Total
493 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45034 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2022-07-01 | 4.3 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | |||||
CVE-2022-30148 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-06-27 | 2.1 LOW | 5.5 MEDIUM |
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. | |||||
CVE-2022-31047 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | |||||
CVE-2022-32254 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | |||||
CVE-2022-32565 | 1 Couchbase | 1 Couchbase Server | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | |||||
CVE-2022-32193 | 1 Couchbase | 1 Couchbase Server | 2022-06-22 | 3.5 LOW | 6.5 MEDIUM |
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | |||||
CVE-2021-43271 | 1 Riverbed | 1 Appresponse | 2022-06-15 | 7.1 HIGH | 6.8 MEDIUM |
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) | |||||
CVE-2022-30742 | 1 Samsung | 1 Find My Mobile | 2022-06-13 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. | |||||
CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2022-06-13 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | |||||
CVE-2022-30733 | 1 Samsung | 1 Account | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | |||||
CVE-2022-20807 | 1 Cisco | 1 Telepresence Video Communication Server | 2022-06-09 | 4.0 MEDIUM | 6.5 MEDIUM |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-20806 | 1 Cisco | 1 Telepresence Video Communication Server | 2022-06-09 | 5.5 MEDIUM | 7.1 HIGH |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-20809 | 1 Cisco | 1 Telepresence Video Communication Server | 2022-06-07 | 3.5 LOW | 6.5 MEDIUM |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-29928 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.0 MEDIUM | 4.9 MEDIUM |
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | |||||
CVE-2022-28161 | 1 Brocade | 1 Sannav | 2022-05-17 | 1.9 LOW | 5.5 MEDIUM |
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. | |||||
CVE-2022-28859 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2022-27888 | 1 Palantir | 1 Foundry Issues | 2022-05-05 | 2.1 LOW | 5.5 MEDIUM |
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. | |||||
CVE-2021-38939 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-05-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037. | |||||
CVE-2022-24875 | 1 Cve | 1 Cve-services | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent versions of the software. Users of the software are advised to manually apply the `46d98f2b` commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate. | |||||
CVE-2020-7322 | 1 Mcafee | 1 Endpoint Security | 2022-05-03 | 2.1 LOW | 4.7 MEDIUM |
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. |