Total
929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25826 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-11-21 | 1.9 Low |
| Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log | ||||
| CVE-2022-25823 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 1.9 Low |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. | ||||
| CVE-2022-25518 | 1 Tecnoteca | 1 Cmdbuild | 2024-11-21 | 6.5 Medium |
| In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table. | ||||
| CVE-2022-25477 | 1 Realtek | 2 Rtsper, Rtsuer | 2024-11-21 | 5.5 Medium |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR. | ||||
| CVE-2022-25374 | 1 Hashicorp | 1 Terraform Enterprise | 2024-11-21 | 7.5 High |
| HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1. | ||||
| CVE-2022-23716 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 5.3 Medium |
| A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | ||||
| CVE-2022-23715 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 6.5 Medium |
| A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore | ||||
| CVE-2022-23141 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2024-11-21 | 7.5 High |
| ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. | ||||
| CVE-2022-22939 | 1 Vmware | 1 Cloud Foundation | 2024-11-21 | 4.9 Medium |
| VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. | ||||
| CVE-2022-22703 | 2 Microsoft, Stormshield | 2 Windows, Network Security | 2024-11-21 | 5.5 Medium |
| In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | ||||
| CVE-2022-20809 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20807 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20806 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20768 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-11-21 | 4.9 Medium |
| A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. | ||||
| CVE-2022-20651 | 1 Cisco | 1 Adaptive Security Device Manager | 2024-11-21 | 5.5 Medium |
| A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device. | ||||
| CVE-2022-20630 | 1 Cisco | 1 Dna Center | 2024-11-21 | 4.4 Medium |
| A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. | ||||
| CVE-2022-20278 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113 | ||||
| CVE-2022-1157 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged | ||||
| CVE-2022-0725 | 2 Fedoraproject, Keepass | 3 Extra Packages For Enterprise Linux, Fedora, Keepass | 2024-11-21 | 7.5 High |
| A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. | ||||
| CVE-2022-0718 | 3 Debian, Openstack, Redhat | 5 Debian Linux, Oslo.utils, Openshift Container Platform and 2 more | 2024-11-21 | 4.9 Medium |
| A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | ||||