Filtered by CWE-532
Filtered by vendor Subscriptions
Total 853 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-32513 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1.
CVE-2024-32051 2024-11-21 6.5 Medium
Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information.
CVE-2024-31391 2024-11-21 6.5 Medium
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.  Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.
CVE-2024-31353 1 Tribulant 1 Slideshow Gallery 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.
CVE-2024-31298 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.
CVE-2024-31259 2024-11-21 7.5 High
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5.
CVE-2024-31254 2024-11-21 3.7 Low
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7.
CVE-2024-31249 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725.
CVE-2024-31247 1 Frederic Gilles 1 Fg Drupal To Wordpress 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3.
CVE-2024-31245 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5.
CVE-2024-31216 2024-11-21 5.1 Medium
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity.
CVE-2024-30523 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4.
CVE-2024-30514 1 Paidmembershipspro 1 Paid Memberships Pro 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1.
CVE-2024-30511 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.
CVE-2024-2877 2024-11-21 5.5 Medium
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
CVE-2024-29959 2024-11-21 8.6 High
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.
CVE-2024-29958 2024-11-21 7.5 High
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key.
CVE-2024-29957 2024-11-21 7.5 High
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
CVE-2024-29955 2024-11-21 5 Medium
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
CVE-2024-29954 1 Broadcom 1 Fabric Operating System 2024-11-21 5.9 Medium
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.