ReportizFlow
Filtered by vendor
Subscriptions
Total
854 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3429 | 1 Zte | 1 Zxcloud Goldendata Vap | 2024-11-21 | 5.3 Medium |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information. | ||||
| CVE-2019-20852 | 1 Mattermost | 1 Mattermost Mobile | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | ||||
| CVE-2019-20625 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). | ||||
| CVE-2019-1622 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 5.3 Medium |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device. | ||||
| CVE-2019-19756 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 7.9 High |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | ||||
| CVE-2019-19150 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.9 Medium |
| On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. | ||||
| CVE-2019-19039 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case. | ||||
| CVE-2019-18576 | 1 Dell | 1 Xtremio Management Server | 2024-11-21 | 6.7 Medium |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. | ||||
| CVE-2019-18385 | 1 Terra-master | 2 Fs-210, Fs-210 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. | ||||
| CVE-2019-18244 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.7 Medium |
| In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue. | ||||
| CVE-2019-18193 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.5 High |
| In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | ||||
| CVE-2019-17398 | 1 Darkhorse | 1 Dark Horse Comics | 2024-11-21 | 9.8 Critical |
| In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17397 | 1 Doordash | 1 Doordash | 2024-11-21 | 9.8 Critical |
| In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17396 | 1 Powerschool | 1 Powerschool Mobile | 2024-11-21 | 9.8 Critical |
| In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17395 | 1 Rapidgator | 1 Rapidgator | 2024-11-21 | 9.8 Critical |
| In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17394 | 1 Seesaw | 1 Parent And Family | 2024-11-21 | 9.8 Critical |
| In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17355 | 1 Orbitz | 1 Orbitz | 2024-11-21 | 9.8 Critical |
| In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-16528 | 1 Mediawiki | 1 Abusefilter | 2024-11-21 | 7.5 High |
| An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | ||||
| CVE-2019-16210 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.5 Medium |
| Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | ||||
| CVE-2019-16206 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.5 Medium |
| The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | ||||