Total
611 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4443 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | |||||
CVE-2017-8074 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-7214 | 1 Openstack | 1 Nova | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. | |||||
CVE-2016-8346 | 1 Moxa | 3 Edr-810, Edr-810-vpn, Edr-810 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | |||||
CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | |||||
CVE-2016-5432 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization | 2024-02-04 | 2.1 LOW | 3.3 LOW |
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | |||||
CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||||
CVE-2013-6384 | 1 Openstack | 1 Ceilometer | 2024-02-04 | 1.9 LOW | N/A |
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file. | |||||
CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2024-02-04 | 2.1 LOW | N/A |
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | |||||
CVE-2001-1556 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. | |||||
CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-02-04 | N/A | 5.3 MEDIUM |
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. |