Total
810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43990 | 2024-09-26 | N/A | N/A | ||
| Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. | |||||
| CVE-2024-29177 | 1 Dell | 1 Data Domain Operating System | 2024-09-23 | N/A | 2.7 LOW |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report. | |||||
| CVE-2023-3350 | 1 Ayesa | 1 Ibermatica Rps | 2024-09-23 | N/A | 7.5 HIGH |
| A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | |||||
| CVE-2021-22533 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 9.1 CRITICAL |
| Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | |||||
| CVE-2024-20440 | 1 Cisco | 1 Smart License Utility | 2024-09-19 | N/A | 7.5 HIGH |
| A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. | |||||
| CVE-2024-4472 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 5.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs. | |||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-09-18 | N/A | 7.5 HIGH |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | |||||
| CVE-2024-37286 | 1 Elastic | 1 Apm Server | 2024-09-11 | N/A | 6.5 MEDIUM |
| APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged. | |||||
| CVE-2023-49921 | 1 Elastic | 1 Elasticsearch | 2024-09-11 | N/A | 6.5 MEDIUM |
| An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical. | |||||
| CVE-2024-42344 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-09-10 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data. | |||||
| CVE-2024-42349 | 1 Fogproject | 1 Fogproject | 2024-09-10 | N/A | 5.3 MEDIUM |
| FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. | |||||
| CVE-2024-43781 | 2024-09-10 | N/A | N/A | ||
| A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions. | |||||
| CVE-2024-27784 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | N/A | 6.5 MEDIUM |
| Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | |||||
| CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | N/A | 6.5 MEDIUM |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | |||||
| CVE-2024-8365 | 1 Hashicorp | 1 Vault | 2024-09-04 | N/A | 6.5 MEDIUM |
| Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | |||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | |||||
| CVE-2024-6977 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 6.5 MEDIUM |
| A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34. | |||||
| CVE-2023-6287 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2024-08-26 | N/A | 5.5 MEDIUM |
| Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | |||||
| CVE-2023-30430 | 1 Ibm | 1 Security Verify Access | 2024-08-24 | N/A | 5.5 MEDIUM |
| IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. | |||||
| CVE-2024-41978 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-08-23 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices insert sensitive information about the generation of 2FA tokens into log files. This could allow an authenticated remote attacker to forge 2FA tokens of other users. | |||||