Total
953 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-33688 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | ||||
CVE-2022-33687 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | ||||
CVE-2022-32565 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | ||||
CVE-2022-32556 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. | ||||
CVE-2022-32254 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | ||||
CVE-2022-32193 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 6.5 Medium |
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | ||||
CVE-2022-31674 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | 4.3 Medium |
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | ||||
CVE-2022-30742 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 3.3 Low |
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. | ||||
CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 3.3 Low |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | ||||
CVE-2022-30733 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | ||||
CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-11-21 | 4.1 Medium |
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | ||||
CVE-2022-29928 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.4 Medium |
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | ||||
CVE-2022-29869 | 3 Debian, Fedoraproject, Samba | 3 Debian Linux, Fedora, Cifs-utils | 2024-11-21 | 5.3 Medium |
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | ||||
CVE-2022-29810 | 2 Hashicorp, Redhat | 4 Go-getter, Acm, Openshift and 1 more | 2024-11-21 | 5.5 Medium |
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | ||||
CVE-2022-29550 | 1 Qualys | 1 Cloud Agent | 2024-11-21 | 5.5 Medium |
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness | ||||
CVE-2022-29071 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 4 Medium |
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. | ||||
CVE-2022-28859 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 6.5 Medium |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
CVE-2022-28625 | 1 Hp | 1 Oneview | 2024-11-21 | 5.5 Medium |
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
CVE-2022-28161 | 1 Brocade | 1 Sannav | 2024-11-21 | 5.5 Medium |
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. | ||||
CVE-2022-27888 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | 5.5 Medium |
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. |