Total: 855 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-3425 | 1 Redhat | 2 Amq Broker, Jboss A-mq | 2024-11-21 | 4.4 Medium |
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable. | ||||
CVE-2021-3167 | 1 Cloudera | 1 Data Engineering | 2024-11-21 | 6.5 Medium |
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. | ||||
CVE-2021-3039 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-11-21 | 3.8 Low |
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412. | ||||
CVE-2021-3037 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 2.3 Low |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. | ||||
CVE-2021-3036 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.4 Medium |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request. | ||||
CVE-2021-3034 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-11-21 | 5.1 Medium |
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144. | ||||
CVE-2021-3032 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.4 Medium |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | ||||
CVE-2021-39913 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.4 Medium |
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges. | ||||
CVE-2021-39900 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2 Low |
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | ||||
CVE-2021-39739 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-184525194 | ||||
CVE-2021-39715 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-178379135. References: Upstream kernel | ||||
CVE-2021-39291 | 1 Netmodule | 16 Nb1600, Nb1601, Nb1800 and 13 more | 2024-11-21 | 8.8 High |
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | ||||
CVE-2021-39246 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | 6.1 Medium |
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). | ||||
CVE-2021-39032 | 2 Ibm, Microsoft | 2 Sterling Gentran, Windows | 2024-11-21 | 5.5 Medium |
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. | ||||
CVE-2021-39011 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-11-21 | 4.2 Medium |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645. | ||||
CVE-2021-38939 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.3 Medium |
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. | ||||
CVE-2021-37861 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 5.8 Medium |
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | ||||
CVE-2021-37760 | 1 Graylog | 1 Graylog | 2024-11-21 | 9.8 Critical |
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). | ||||
CVE-2021-37759 | 1 Graylog | 1 Graylog | 2024-11-21 | 9.8 Critical |
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). | ||||
CVE-2021-37709 | 1 Shopware | 1 Shopware | 2024-11-21 | 6.5 Medium |
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. |