Filtered by CWE-532
Filtered by vendor Subscriptions
Total 855 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11605 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).
CVE-2020-11094 1 Octobercms 1 Debugbar 2024-11-21 6.1 Medium
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that's more restrictive.
CVE-2020-10763 2 Heketi Project, Redhat 6 Heketi, Enterprise Linux, Gluster Storage and 3 more 2024-11-21 5.5 Medium
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
CVE-2020-10762 1 Redhat 2 Gluster-block, Storage 2024-11-21 5.5 Medium
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
CVE-2020-10752 1 Redhat 1 Openshift Container Platform 2024-11-21 7.5 High
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.
CVE-2020-10750 2 Linuxfoundation, Redhat 2 Jaeger, Jaeger 2024-11-21 7.1 High
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
CVE-2020-10712 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 7 High
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.
CVE-2020-10052 1 Siemens 1 Simatic Rtls Locating Manager 2024-11-21 5.5 Medium
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.
CVE-2020-0476 1 Google 1 Android 2024-11-21 4.4 Medium
In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574
CVE-2020-0018 1 Google 1 Android 2024-11-21 4.4 Medium
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
CVE-2019-9976 1 Dasannetworks 2 H660rm, H660rm Firmware 2024-11-21 N/A
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
CVE-2019-9929 1 Northern 1 Cfengine 2024-11-21 N/A
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.
CVE-2019-9734 1 Aquaverde 1 Aquarius Cms 2024-11-21 N/A
Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances.
CVE-2019-9724 1 Aquaverde 1 Aquarius Cms 2024-11-21 N/A
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.
CVE-2019-9277 1 Google 1 Android 2024-11-21 3.3 Low
In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944
CVE-2019-8944 1 Octopus 2 Octopus Deploy, Octopus Server 2024-11-21 N/A
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
CVE-2019-7612 2 Elastic, Netapp 2 Logstash, Active Iq Performance Analytics Services 2024-11-21 9.8 Critical
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
CVE-2019-6662 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-11-21 6.5 Medium
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
CVE-2019-6656 1 F5 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client 2024-11-21 7.5 High
BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.
CVE-2019-6648 2 F5, Redhat 2 Container Ingress Service, Openshift 2024-11-21 4.4 Medium
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.