ReportizFlow
Filtered by vendor
Subscriptions
Total
987 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30148 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-01-02 | 5.5 Medium |
| Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | ||||
| CVE-2022-26907 | 1 Microsoft | 1 Azure Sdk For .net | 2025-01-02 | 5.3 Medium |
| Azure SDK for .NET Information Disclosure Vulnerability | ||||
| CVE-2023-22869 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | 5.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. | ||||
| CVE-2023-20885 | 1 Pivotal | 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume | 2024-12-16 | 6.5 Medium |
| Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | ||||
| CVE-2024-54484 | 1 Apple | 1 Macos | 2024-12-13 | 5.5 Medium |
| The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-42407 | 2024-12-12 | 8.5 High | ||
| Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior. | ||||
| CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2024-12-07 | 6.7 Medium |
| Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | ||||
| CVE-2023-32392 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information. | ||||
| CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2024-12-05 | 7.5 High |
| A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | ||||
| CVE-2024-28830 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 2.7 Low |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. | ||||
| CVE-2024-22335 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-04 | 5.1 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. | ||||
| CVE-2024-22336 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-04 | 5.1 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. | ||||
| CVE-2024-22337 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-03 | 5.1 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. | ||||
| CVE-2023-50951 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-03 | 4 Medium |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. | ||||
| CVE-2024-47094 | 1 Checkmk | 1 Checkmk | 2024-12-03 | 5.5 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | ||||
| CVE-2024-38862 | 1 Checkmk | 1 Checkmk | 2024-12-03 | 4.4 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | ||||
| CVE-2023-4677 | 1 Artica | 1 Pandora Fms | 2024-12-02 | 7 High |
| Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772. | ||||
| CVE-2023-49922 | 1 Elastic | 1 Elastic Beats | 2024-12-02 | 6.8 Medium |
| An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. | ||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-11-29 | N/A |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | ||||
| CVE-2024-52940 | 1 Anydesk | 1 Anydesk | 2024-11-23 | 7.5 High |
| AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID. | ||||