ReportizFlow
Filtered by vendor
Subscriptions
Total
853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14700 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | N/A |
| Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. | ||||
| CVE-2018-12604 | 1 Njtech | 1 Greencms | 2024-11-21 | N/A |
| GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. | ||||
| CVE-2018-11717 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc. | ||||
| CVE-2018-11716 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444. | ||||
| CVE-2018-11320 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A |
| In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. | ||||
| CVE-2018-10889 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. | ||||
| CVE-2018-10855 | 3 Canonical, Debian, Redhat | 8 Ubuntu Linux, Debian Linux, Ansible Engine and 5 more | 2024-11-21 | 5.9 Medium |
| Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. | ||||
| CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | ||||
| CVE-2018-1000123 | 1 Ionicframework | 1 Ios Keychain | 2024-11-21 | N/A |
| Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf. | ||||
| CVE-2018-1000089 | 1 Django-anymail Project | 1 Django-anymail | 2024-11-21 | N/A |
| Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4. | ||||
| CVE-2018-1000060 | 2 Redhat, Sensu | 2 Openstack-optools, Sensu Core | 2024-11-21 | N/A |
| Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b. | ||||
| CVE-2018-1000018 | 1 Ovirt | 1 Ovirt-hosted-engine-setup | 2024-11-21 | N/A |
| An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | ||||
| CVE-2018-0504 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | ||||
| CVE-2018-0042 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | N/A |
| Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. | ||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2024-11-21 | N/A |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | ||||
| CVE-2017-9278 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | ||||
| CVE-2017-9271 | 2 Fedoraproject, Opensuse | 2 Fedora, Zypper | 2024-11-21 | 3.3 Low |
| The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | ||||
| CVE-2017-8761 | 1 Openstack | 1 Swift | 2024-11-21 | 4.3 Medium |
| In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. | ||||
| CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-11-21 | N/A |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||||
| CVE-2017-8074 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-11-21 | N/A |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||||