Total: 853 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9621 | 1 Redhat | 1 Camel Quarkus | 2024-12-24 | 5.3 Medium |
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log. | ||||
CVE-2024-12569 | | | 2024-12-20 | 7.5 High |
Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | ||||
CVE-2023-22869 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 5.5 Medium |
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. | ||||
CVE-2024-8775 | 1 Redhat | 4 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 1 more | 2024-12-18 | 5.5 Medium |
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. | ||||
CVE-2024-49816 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2024-12-17 | 4.9 Medium |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
CVE-2023-20885 | 1 Pivotal | 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume | 2024-12-16 | 6.5 Medium |
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | ||||
CVE-2023-6746 | 1 Github | 1 Enterprise Server | 2024-12-16 | 8.1 High |
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||
CVE-2024-54484 | 1 Apple | 1 Macos | 2024-12-13 | 5.5 Medium |
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||
CVE-2024-55578 | | | 2024-12-12 | 4.3 Medium |
Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. | ||||
CVE-2024-12292 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs. | ||||
CVE-2024-42407 | | | 2024-12-12 | 8.5 High |
Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior. | ||||
CVE-2024-12057 | | | 2024-12-11 | N/A |
User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application. | ||||
CVE-2024-45739 | 1 Splunk | 1 Splunk | 2024-12-10 | 4.9 Medium |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | ||||
CVE-2023-46231 | 1 Splunk | 1 Add-on Builder | 2024-12-10 | 8.8 High |
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | ||||
CVE-2024-29945 | 1 Splunk | 1 Splunk | 2024-12-10 | 7.2 High |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. | ||||
CVE-2024-23677 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | ||||
CVE-2024-45738 | 1 Splunk | 1 Splunk | 2024-12-10 | 4.9 Medium |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | ||||
CVE-2023-46230 | 1 Splunk | 1 Add-on Builder | 2024-12-10 | 8.2 High |
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | ||||
CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2024-12-07 | 6.7 Medium |
Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization. | ||||
CVE-2024-47913 | | | 2024-12-07 | 5.3 Medium |
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. |