ReportizFlow
Filtered by vendor
Subscriptions
Total
853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0741 | 1 Microsoft | 1 Java Software Development Kit | 2024-11-21 | N/A |
| An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. | ||||
| CVE-2019-0380 | 1 Sap | 1 Landscape Management | 2024-11-21 | 4.9 Medium |
| Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | ||||
| CVE-2019-0266 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | N/A |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | ||||
| CVE-2019-0202 | 1 Apache | 1 Storm | 2024-11-21 | N/A |
| The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. | ||||
| CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2024-11-21 | 7.8 High |
| A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | ||||
| CVE-2019-0029 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0021 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4. | ||||
| CVE-2019-0004 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 5.5 Medium |
| On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2018-8719 | 1 Wpsecurityauditlog | 1 Wp Security Audit Log | 2024-11-21 | N/A |
| An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information. | ||||
| CVE-2018-7754 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. | ||||
| CVE-2018-7683 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | ||||
| CVE-2018-7682 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | ||||
| CVE-2018-7433 | 1 Ithemes | 1 Security | 2024-11-21 | N/A |
| The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | ||||
| CVE-2018-7204 | 1 Giribaz | 1 File Manager | 2024-11-21 | N/A |
| inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. | ||||
| CVE-2018-6971 | 1 Vmware | 1 Horizon View Agents | 2024-11-21 | N/A |
| VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation. | ||||
| CVE-2018-6599 | 1 Orbic | 2 Wonder Rc555l, Wonder Rc555l Firmware | 2024-11-21 | N/A |
| An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. | ||||
| CVE-2018-5693 | 1 Linuxmagic | 1 Magicspam | 2024-11-21 | N/A |
| The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. | ||||
| CVE-2018-3828 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | N/A |
| Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials. | ||||
| CVE-2018-3827 | 1 Elastic | 1 Azure Repository | 2024-11-21 | 8.1 High |
| A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged. | ||||
| CVE-2018-3817 | 1 Elastic | 1 Logstash | 2024-11-21 | N/A |
| When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | ||||