Total
810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6662 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-11-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2019-11-14 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2013-1771 | 1 Monkey-project | 1 Monkey | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | |||||
| CVE-2019-18385 | 1 Terra-master | 2 Fs-210, Fs-210 Firmware | 2019-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. | |||||
| CVE-2018-0504 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | |||||
| CVE-2019-14858 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2019-10-24 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. | |||||
| CVE-2019-17394 | 1 Seesaw | 1 Parent And Family | 2019-10-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-17355 | 1 Orbitz | 1 Orbitz | 2019-10-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-17396 | 1 Powerschool | 1 Powerschool Mobile | 2019-10-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-17395 | 1 Rapidgator | 1 Rapidgator | 2019-10-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-17398 | 1 Darkhorse | 1 Dark Horse Comics | 2019-10-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-4572 | 1 Ibm | 1 Filenet Content Manager | 2019-10-16 | 2.1 LOW | 4.4 MEDIUM |
| IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. | |||||
| CVE-2019-17397 | 1 Doordash | 1 Doordash | 2019-10-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | |||||
| CVE-2019-5634 | 1 Belwith-keeler | 1 Hickory Smart | 2019-10-09 | 2.1 LOW | 4.3 MEDIUM |
| An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | |||||
| CVE-2019-6157 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | |||||
| CVE-2019-6158 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | |||||
| CVE-2019-13515 | 1 Osisoft | 1 Pi Web Api | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | |||||
| CVE-2019-0021 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4. | |||||
| CVE-2018-3828 | 1 Elastic | 1 Elastic Cloud Enterprise | 2019-10-09 | 3.5 LOW | 7.5 HIGH |
| Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials. | |||||
| CVE-2018-3609 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
| A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | |||||