Filtered by CWE-532
Filtered by vendor Subscriptions
Total 853 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-42196 2024-12-06 6.2 Medium
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
CVE-2024-23242 1 Apple 3 Ipad Os, Iphone Os, Macos 2024-12-06 3.3 Low
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.
CVE-2023-32392 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-05 5.5 Medium
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
CVE-2023-35695 1 Trendmicro 1 Mobile Security 2024-12-05 7.5 High
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
CVE-2024-28830 1 Checkmk 1 Checkmk 2024-12-04 2.7 Low
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
CVE-2024-22335 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-04 5.1 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.
CVE-2024-22336 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-04 5.1 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.
CVE-2024-22337 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-03 5.1 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.
CVE-2023-50951 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2024-12-03 4 Medium
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.
CVE-2024-47094 1 Checkmk 1 Checkmk 2024-12-03 5.5 Medium
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.
CVE-2024-38862 1 Checkmk 1 Checkmk 2024-12-03 4.4 Medium
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.
CVE-2023-4677 1 Artica 1 Pandora Fms 2024-12-02 7 High
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
CVE-2023-49922 1 Elastic 1 Elastic Beats 2024-12-02 6.8 Medium
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.
CVE-2024-39460 2024-11-29 4.3 Medium
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.
CVE-2018-0335 1 Cisco 1 Prime Collaboration 2024-11-29 N/A
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.
CVE-2024-52940 1 Anydesk 1 Anydesk 2024-11-23 7.5 High
AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.
CVE-2024-6687 1 Thisfunctional 1 Ctt Expresso Para Woocommerce 2024-11-23 5.3 Medium
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses
CVE-2023-4380 1 Redhat 6 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 3 more 2024-11-23 6.3 Medium
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
CVE-2019-1953 1 Cisco 1 Enterprise Network Function Virtualization Infrastructure 2024-11-21 6.5 Medium
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability.
CVE-2019-1961 1 Cisco 1 Enterprise Network Function Virtualization Infrastructure 2024-11-21 4.9 Medium
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.