ReportizFlow
Filtered by vendor
Subscriptions
Total
854 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20891 | 1 Vmware | 2 Isolation Segment, Tanzu Application Service For Virtual Machines | 2024-11-21 | 6.5 Medium |
| The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | ||||
| CVE-2023-20859 | 1 Vmware | 3 Spring Cloud Config, Spring Cloud Vault, Spring Vault | 2024-11-21 | 5.5 Medium |
| In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | ||||
| CVE-2023-20207 | 1 Duo | 1 Authentication Proxy | 2024-11-21 | 4.9 Medium |
| A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text. | ||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.2 Medium |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | ||||
| CVE-2023-1786 | 3 Canonical, Fedoraproject, Redhat | 4 Cloud-init, Ubuntu Linux, Fedora and 1 more | 2024-11-21 | 5.5 Medium |
| Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | ||||
| CVE-2023-1550 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2024-11-21 | 5.5 Medium |
| Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | ||||
| CVE-2023-0815 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.8 Medium |
| Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0436 | 1 Mongodb | 1 Atlas Kubernetes Operator | 2024-11-21 | 4.5 Medium |
| The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration: DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 ) | ||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2024-11-21 | 4.4 Medium |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | ||||
| CVE-2022-4311 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | 4.7 Medium |
| An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources. | ||||
| CVE-2022-48435 | 1 Jetbrains | 1 Phpstorm | 2024-11-21 | 3.3 Low |
| In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file | ||||
| CVE-2022-48319 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. | ||||
| CVE-2022-48228 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. | ||||
| CVE-2022-46647 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 2.5 Low |
| Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.1 Medium |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | 5.5 Medium |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.5 Medium |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | ||||
| CVE-2022-44587 | 1 Melapress | 1 Wp 2fa | 2024-11-21 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3. | ||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.1 Medium |
| An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | ||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-11-21 | 6.2 Medium |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | ||||