Filtered by vendor
Subscriptions
Total
853 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-44239 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-31 | 5.5 Medium |
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state. | ||||
CVE-2024-27849 | 1 Apple | 1 Macos | 2024-10-31 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information. | ||||
CVE-2023-22649 | 2 Rancher, Suse | 2 Rancher, Rancher | 2024-10-31 | 8.4 High |
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. | ||||
CVE-2024-40096 | 1 Rd Labs Llc | 1 Who | 2024-10-29 | 3.3 Low |
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log. | ||||
CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2024-10-18 | 6.5 Medium |
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | ||||
CVE-2024-8264 | 1 Fortra | 2 Robot Schedule, Robot Schedule Enterprise | 2024-10-17 | 5.5 Medium |
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. | ||||
CVE-2024-47822 | 1 Directus | 1 Directus | 2024-10-10 | 4.2 Medium |
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2022-49037 | 1 Synology | 1 Drive Client | 2024-10-08 | 6.5 Medium |
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
CVE-2024-20491 | 1 Cisco | 3 Nexus Dashboard Fabric Controller, Nexus Dashboard Insights, Nexus Dashboard Orchestrator | 2024-10-08 | 6.3 Medium |
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. | ||||
CVE-2024-20490 | 1 Cisco | 3 Nexus Dashboard Fabric Controller, Nexus Dashboard Insights, Nexus Dashboard Orchestrator | 2024-10-08 | 6.3 Medium |
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. | ||||
CVE-2024-8609 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | 7.5 High |
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0. | ||||
CVE-2024-47083 | 1 Microsoft | 2 Power Platform Terraform Provider, Terraform Provider Power Platform | 2024-10-03 | 7.5 High |
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the `client_secret` used in the service principal authentication, may be exposed in logs. This exposure occurs due to an error in the logging code that causes the `client_secret` to not be properly masked when logs are persisted or viewed. Users should upgrade to version 3.0.0 to receive a patched version of the provider that removes all logging of sensitive content. Users who have used this provider with the affected versions should take the following additional steps to mitigate the risk: Immediately rotate the `client_secret` for any service principal that has been configured using this Terraform provider. This will invalidate any potentially exposed secrets. Those who have set the `TF_LOG_PATH` environment variable or configured Terraform to persist logs to a file or an external system, consider disabling this until they have updated to a fixed version of the provider. Those who have existing logs that may contain the `client_secret` should remove or sanitize these logs to prevent unauthorized access. This includes logs on disk, in monitoring systems, or in logging services. | ||||
CVE-2021-22518 | 1 Opentext | 1 Identity Manager Azuread Driver | 2024-10-02 | 5.8 Medium |
A vulnerability identified in OpenTextâ„¢ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | ||||
CVE-2022-26322 | 1 Netiq | 1 Identity Manager Rest Driver | 2024-10-02 | 4.9 Medium |
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenTextâ„¢ Identity Manager REST Driver. This impact version before 1.1.2.0200. | ||||
CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2024-10-01 | 5.5 Medium |
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | ||||
CVE-2023-46175 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2024-09-30 | 4.4 Medium |
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | ||||
CVE-2024-44166 | 1 Apple | 1 Macos | 2024-09-26 | 5.5 Medium |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
CVE-2024-43990 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-09-26 | 5.3 Medium |
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. | ||||
CVE-2024-40791 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-24 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts. | ||||
CVE-2021-22533 | 2 Microfocus, Opentext | 2 Edirectory, Edirectory | 2024-09-19 | 6.5 Medium |
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenTextâ„¢ eDirectory 9.2.4.0000. |