Total
926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1350 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. | ||||
| CVE-2018-1349 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. | ||||
| CVE-2018-1264 | 1 Pivotal Software | 1 Cloud Foundry Log Cache | 2024-11-21 | N/A |
| Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation. | ||||
| CVE-2018-1241 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-11-21 | N/A |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. | ||||
| CVE-2018-1223 | 1 Pivotal | 1 Cloud Foundry Container Runtime | 2024-11-21 | 8.8 High |
| Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges. | ||||
| CVE-2018-1198 | 1 Pivotal Software | 1 Pivotal Cloud Cache | 2024-11-21 | N/A |
| Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password. | ||||
| CVE-2018-1117 | 2 Ovirt, Redhat | 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
| ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. | ||||
| CVE-2018-1075 | 2 Ovirt, Redhat | 2 Ovirt, Rhev Manager | 2024-11-21 | N/A |
| ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-1072 | 2 Ovirt, Redhat | 3 Ovirt, Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
| ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-19865 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-11-21 | N/A |
| A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | ||||
| CVE-2018-19863 | 1 Agilebits | 1 1password | 2024-11-21 | N/A |
| An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari. | ||||
| CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.3 High |
| HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | ||||
| CVE-2018-19583 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | ||||
| CVE-2018-19513 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | ||||
| CVE-2018-19014 | 1 Draeger | 8 Delta Xl, Delta Xl Firmware, Infinity Delta and 5 more | 2024-11-21 | N/A |
| Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. | ||||
| CVE-2018-1999036 | 1 Jenkins | 1 Ssh Agent | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. | ||||
| CVE-2018-18466 | 1 Securenvoy | 1 Securaccess | 2024-11-21 | N/A |
| An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues | ||||
| CVE-2018-17922 | 1 Circontrol | 2 Circarlife, Circarlife Firmware | 2024-11-21 | N/A |
| Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | ||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-11-21 | N/A |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | ||||
| CVE-2018-17447 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | N/A |
| An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | ||||