Filtered by CWE-532
Filtered by vendor Subscriptions
Total 853 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44239 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-10-31 5.5 Medium
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.
CVE-2024-27849 1 Apple 1 Macos 2024-10-31 3.3 Low
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.
CVE-2023-22649 2 Rancher, Suse 2 Rancher, Rancher 2024-10-31 8.4 High
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature; only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue.
CVE-2024-40096 1 Rd Labs Llc 1 Who 2024-10-29 3.3 Low
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.
CVE-2024-9466 1 Paloaltonetworks 1 Expedition 2024-10-18 6.5 Medium
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
CVE-2024-8264 1 Fortra 2 Robot Schedule, Robot Schedule Enterprise 2024-10-17 5.5 Medium
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
CVE-2024-47822 1 Directus 1 Directus 2024-10-10 4.2 Medium
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2022-49037 1 Synology 1 Drive Client 2024-10-08 6.5 Medium
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2024-20491 1 Cisco 3 Nexus Dashboard Fabric Controller, Nexus Dashboard Insights, Nexus Dashboard Orchestrator 2024-10-08 6.3 Medium
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
CVE-2024-20490 1 Cisco 3 Nexus Dashboard Fabric Controller, Nexus Dashboard Insights, Nexus Dashboard Orchestrator 2024-10-08 6.3 Medium
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
CVE-2024-8609 1 Oceanicsoft 1 Valeapp 2024-10-04 7.5 High
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
CVE-2024-47083 1 Microsoft 2 Power Platform Terraform Provider, Terraform Provider Power Platform 2024-10-03 7.5 High
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the `client_secret` used in the service principal authentication, may be exposed in logs. This exposure occurs due to an error in the logging code that causes the `client_secret` to not be properly masked when logs are persisted or viewed. Users should upgrade to version 3.0.0 to receive a patched version of the provider that removes all logging of sensitive content. Users who have used this provider with the affected versions should take the following additional steps to mitigate the risk: Immediately rotate the `client_secret` for any service principal that has been configured using this Terraform provider. This will invalidate any potentially exposed secrets. Those who have set the `TF_LOG_PATH` environment variable or configured Terraform to persist logs to a file or an external system, consider disabling this until they have updated to a fixed version of the provider. Those who have existing logs that may contain the `client_secret` should remove or sanitize these logs to prevent unauthorized access. This includes logs on disk, in monitoring systems, or in logging services.
CVE-2021-22518 1 Opentext 1 Identity Manager Azuread Driver 2024-10-02 5.8 Medium
A vulnerability has been identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into a log file. This impacts all versions before 5.1.4.0.
CVE-2022-26322 1 Netiq 1 Identity Manager Rest Driver 2024-10-02 4.9 Medium
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impacts versions before 1.1.2.0200.
CVE-2024-7421 1 Devolutions 1 Remote Desktop Manager 2024-10-01 5.5 Medium
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions.
CVE-2023-46175 1 Ibm 1 Cloud Pak For Multicloud Management Monitoring 2024-09-30 4.4 Medium
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text, which can be read by a privileged user.
CVE-2024-44166 1 Apple 1 Macos 2024-09-26 5.5 Medium
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
CVE-2024-43990 1 Stylemixthemes 1 Masterstudy Lms 2024-09-26 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter. This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.
CVE-2024-40791 1 Apple 3 Ipados, Iphone Os, Macos 2024-09-24 3.3 Low
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts.
CVE-2021-22533 2 Microfocus, Opentext 2 Edirectory, Edirectory 2024-09-19 6.5 Medium
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.