Total: 810 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28625 | 1 Hp | 1 Oneview | 2022-09-07 | N/A | 5.5 MEDIUM |
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
CVE-2022-38149 | 1 Hashicorp | 1 Consul Template | 2022-09-01 | N/A | 7.5 HIGH |
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2. | |||||
CVE-2022-23715 | 1 Elastic | 1 Elastic Cloud Enterprise | 2022-08-31 | N/A | 6.5 MEDIUM |
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore | |||||
CVE-2022-20278 | 1 Google | 1 Android | 2022-08-16 | N/A | 5.5 MEDIUM |
In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-205130113 | |||||
CVE-2022-31674 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 4.3 MEDIUM |
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | |||||
CVE-2022-38133 | 1 Jetbrains | 1 Teamcity | 2022-08-12 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases. | |||||
CVE-2022-25374 | 1 Hashicorp | 1 Terraform Enterprise | 2022-08-11 | 5.0 MEDIUM | 7.5 HIGH |
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1. | |||||
CVE-2022-31119 | 1 Nextcloud | 1 Mail | 2022-08-10 | N/A | 4.9 MEDIUM |
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is recommended that Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration. | |||||
CVE-2022-31186 | 1 Next-auth | 1 Nextauth.js | 2022-08-09 | N/A | 3.3 LOW |
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option by sanitizing the logs. | |||||
CVE-2022-36321 | 1 Jetbrains | 1 Teamcity | 2022-07-27 | N/A | 6.5 MEDIUM |
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases. | |||||
CVE-2022-32556 | 1 Couchbase | 1 Couchbase Server | 2022-07-27 | N/A | 7.5 HIGH |
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. | |||||
CVE-2019-15507 | 1 Octopus | 1 Server | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | |||||
CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2022-07-27 | 3.5 LOW | 6.5 MEDIUM |
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | |||||
CVE-2019-8944 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. | |||||
CVE-2018-11320 | 1 Octopus | 1 Octopus Server | 2022-07-27 | 5.0 MEDIUM | 9.8 CRITICAL |
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. | |||||
CVE-2022-23141 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2022-07-22 | N/A | 7.5 HIGH |
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. | |||||
CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | |||||
CVE-2022-33911 | 1 Couchbase | 1 Couchbase Server | 2022-07-18 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. | |||||
CVE-2022-33688 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | |||||
CVE-2022-33687 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. |