Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20491 | 1 Cisco | 3 Nexus Dashboard Fabric Controller, Nexus Dashboard Insights, Nexus Dashboard Orchestrator | 2024-10-08 | N/A | 8.6 HIGH |
| A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. | |||||
| CVE-2024-20490 | 1 Cisco | 3 Nexus Dashboard Fabric Controller, Nexus Dashboard Insights, Nexus Dashboard Orchestrator | 2024-10-08 | N/A | 8.6 HIGH |
| A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. | |||||
| CVE-2024-8609 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0. | |||||
| CVE-2024-47083 | 1 Microsoft | 1 Power Platform Terraform Provider | 2024-10-03 | N/A | 7.5 HIGH |
| Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the `client_secret` used in the service principal authentication, may be exposed in logs. This exposure occurs due to an error in the logging code that causes the `client_secret` to not be properly masked when logs are persisted or viewed. Users should upgrade to version 3.0.0 to receive a patched version of the provider that removes all logging of sensitive content. Users who have used this provider with the affected versions should take the following additional steps to mitigate the risk: Immediately rotate the `client_secret` for any service principal that has been configured using this Terraform provider. This will invalidate any potentially exposed secrets. Those who have set the `TF_LOG_PATH` environment variable or configured Terraform to persist logs to a file or an external system, consider disabling this until they have updated to a fixed version of the provider. Those who have existing logs that may contain the `client_secret` should remove or sanitize these logs to prevent unauthorized access. This includes logs on disk, in monitoring systems, or in logging services. | |||||
| CVE-2021-22518 | 1 Opentext | 1 Identity Manager Azuread Driver | 2024-10-02 | N/A | 5.5 MEDIUM |
| A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | |||||
| CVE-2022-26322 | 1 Netiq | 1 Identity Manager Rest Driver | 2024-10-02 | N/A | 7.5 HIGH |
| Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200. | |||||
| CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2024-10-01 | N/A | 5.5 MEDIUM |
| An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | |||||
| CVE-2023-46175 | 2024-09-30 | N/A | 4.4 MEDIUM | ||
| IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | |||||
| CVE-2024-44166 | 1 Apple | 1 Macos | 2024-09-26 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
| CVE-2024-43990 | 2024-09-26 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. | |||||
| CVE-2024-40791 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-24 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts. | |||||
| CVE-2021-22533 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 9.1 CRITICAL |
| Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | |||||
| CVE-2024-20440 | 1 Cisco | 1 Smart License Utility | 2024-09-19 | N/A | 7.5 HIGH |
| A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. | |||||
| CVE-2024-37286 | 1 Elastic | 1 Apm Server | 2024-09-11 | N/A | 6.5 MEDIUM |
| APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged. | |||||
| CVE-2024-42344 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-09-10 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data. | |||||
| CVE-2024-42349 | 1 Fogproject | 1 Fogproject | 2024-09-10 | N/A | 5.3 MEDIUM |
| FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. | |||||
| CVE-2024-43781 | 2024-09-10 | N/A | 5.5 MEDIUM | ||
| A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions. | |||||
| CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | N/A | 6.5 MEDIUM |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | |||||
| CVE-2024-8365 | 1 Hashicorp | 1 Vault | 2024-09-04 | N/A | 6.5 MEDIUM |
| Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | |||||
| CVE-2024-6977 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 6.5 MEDIUM |
| A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34. | |||||