Total
931 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27502 | 2024-11-21 | 3.3 Low | ||
| Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-26207 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 3.3 Low |
| An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text. | ||||
| CVE-2023-26026 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 5.3 Medium |
| Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | ||||
| CVE-2023-26023 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 6.5 Medium |
| Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | ||||
| CVE-2023-25682 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.2 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. | ||||
| CVE-2023-25604 | 1 Fortinet | 1 Fortiguest | 2024-11-21 | 5.5 Medium |
| An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | ||||
| CVE-2023-21387 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20891 | 1 Vmware | 2 Isolation Segment, Tanzu Application Service For Virtual Machines | 2024-11-21 | 6.5 Medium |
| The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | ||||
| CVE-2023-20207 | 1 Duo | 1 Authentication Proxy | 2024-11-21 | 4.9 Medium |
| A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text. | ||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.2 Medium |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | ||||
| CVE-2023-0436 | 1 Mongodb | 1 Atlas Kubernetes Operator | 2024-11-21 | 4.5 Medium |
| The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration: DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 ) | ||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2024-11-21 | 4.4 Medium |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | ||||
| CVE-2022-46647 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 2.5 Low |
| Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-44587 | 1 Melapress | 1 Wp 2fa | 2024-11-21 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3. | ||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.1 Medium |
| An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | ||||
| CVE-2022-40979 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.4 Medium |
| In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable | ||||
| CVE-2022-39876 | 1 Samsung | 1 Reminder | 2024-11-21 | 5.9 Medium |
| Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | ||||
| CVE-2022-39874 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | ||||
| CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 7.5 High |
| In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | ||||
| CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | ||||