Total
951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26998 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 4.3 Medium |
| NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | ||||
| CVE-2021-26908 | 1 Automox | 1 Automox | 2024-11-21 | 3.3 Low |
| Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | ||||
| CVE-2021-25688 | 1 Teradici | 2 Pcoip Graphics Agent, Pcoip Standard Agent | 2024-11-21 | 5.5 Medium |
| Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs. | ||||
| CVE-2021-25423 | 1 Samsung | 1 Watch Active2 Plugin | 2024-11-21 | 5.5 Medium |
| Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. | ||||
| CVE-2021-25422 | 1 Samsung | 1 Watch Active Plugin | 2024-11-21 | 5.5 Medium |
| Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | ||||
| CVE-2021-25421 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-11-21 | 5.5 Medium |
| Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | ||||
| CVE-2021-25420 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 5.5 Medium |
| Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | ||||
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 2 Low |
| Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. | ||||
| CVE-2021-25284 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 4.4 Medium |
| An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | ||||
| CVE-2021-25009 | 1 Correosexpress Project | 1 Correosexpress | 2024-11-21 | 5.3 Medium |
| The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses | ||||
| CVE-2021-24024 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-11-21 | 4.3 Medium |
| A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files. | ||||
| CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | ||||
| CVE-2021-23046 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-11-21 | 4.9 Medium |
| On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2021-22929 | 1 Brave | 1 Brave | 2024-11-21 | 6.1 Medium |
| An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. | ||||
| CVE-2021-22516 | 1 Microfocus | 1 Secure Api Manager | 2024-11-21 | 7.5 High |
| Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file. | ||||
| CVE-2021-22310 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2024-11-21 | 4.4 Medium |
| There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10. | ||||
| CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.4 Medium |
| All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | ||||
| CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.2 Medium |
| An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | ||||
| CVE-2021-22143 | 1 Elastic | 1 Apm .net Agent | 2024-11-21 | 2.1 Low |
| The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent. | ||||
| CVE-2021-22133 | 2 Elastic, Redhat | 2 Apm Agent, Openshift | 2024-11-21 | 2.4 Low |
| The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent. | ||||