Total: 1122 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28443 | 1 Monospace | 1 Directus | 2025-02-21 | 4.2 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3. | ||||
| CVE-2022-41618 | 1 Davidlingren | 1 Media Library Assistant | 2025-02-20 | 3.7 Low |
| Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | ||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2025-02-19 | 2.4 Low |
| Juiker app stores debug logs which contain sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | ||||
| CVE-2023-25721 | 1 Veracode | 1 Veracode | 2025-02-19 | 6.5 Medium |
| Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials. | ||||
| CVE-2023-28630 | 1 Thoughtworks | 1 Gocd | 2025-02-19 | 4.2 Medium |
| GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled, but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases, failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert, which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. This issue has been addressed and fixed in GoCD 23.1.0. Users are advised to upgrade. Users unable to upgrade may disable backups, or administrators should ensure that the required `pg_dump` (PostgreSQL) or `mysqldump` (MySQL) binaries are available on the GoCD server when backups are triggered. | ||||
| CVE-2022-48228 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2025-02-14 | 5.5 Medium |
| An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. | ||||
| CVE-2023-46672 | 1 Elastic | 1 Logstash | 2025-02-13 | 8.4 High |
| An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. | ||||
| CVE-2024-25030 | 1 Ibm | 1 Db2 | 2025-02-13 | 6.2 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677. | ||||
| CVE-2024-0831 | 1 Hashicorp | 1 Vault | 2025-02-13 | 4.5 Medium |
| Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. | ||||
| CVE-2023-31417 | 1 Elastic | 1 Elasticsearch | 2025-02-13 | 4.1 Medium |
| Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured. | ||||
| CVE-2023-2878 | 1 Kubernetes | 1 Secrets-store-csi-driver | 2025-02-13 | 6.5 Medium |
| Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | ||||
| CVE-2023-42857 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-13 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | ||||
| CVE-2023-41254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-13 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data. | ||||
| CVE-2023-40442 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-13 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | ||||
| CVE-2023-40405 | 1 Apple | 1 Macos | 2025-02-13 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. | ||||
| CVE-2023-40392 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-13 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. | ||||
| CVE-2023-1786 | 3 Canonical, Fedoraproject, Redhat | 4 Cloud-init, Ubuntu Linux, Fedora and 1 more | 2025-02-13 | 5.5 Medium |
| Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | ||||
| CVE-2023-1550 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2025-02-13 | 5.5 Medium |
| Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | ||||
| CVE-2024-52067 | 1 Apache | 1 Nifi | 2025-02-11 | 4.9 Medium |
| Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommended mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration. | ||||
| CVE-2022-48435 | 1 Jetbrains | 1 Phpstorm | 2025-02-11 | 3.3 Low |
| In JetBrains PhpStorm before 2023.1, source code could be logged in the local idea.log file. | ||||