Total
611 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31426 | 1 Broadcom | 1 Fabric Operating System | 2024-02-15 | N/A | 6.5 MEDIUM |
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | |||||
CVE-2023-47131 | 4 Google, Microsoft, Mozilla and 1 more | 4 Chrome, Edge, Firefox and 1 more | 2024-02-15 | N/A | 7.5 HIGH |
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | |||||
CVE-2024-23448 | 1 Elastic | 1 Apm Server | 2024-02-15 | N/A | 7.5 HIGH |
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. | |||||
CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2024-02-15 | N/A | 6.8 MEDIUM |
Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | |||||
CVE-2024-23760 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 2.7 LOW |
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | |||||
CVE-2017-5137 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2024-02-14 | 5.0 MEDIUM | 6.2 MEDIUM |
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||||
CVE-2024-24939 | 1 Jetbrains | 1 Rider | 2024-02-09 | N/A | 5.3 MEDIUM |
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | |||||
CVE-2023-52143 | 2024-02-06 | N/A | 7.5 HIGH | ||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. | |||||
CVE-2023-51508 | 1 Meowapps | 1 Database Cleaner | 2024-02-06 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. | |||||
CVE-2023-51490 | 1 Wpmudev | 1 Defender Security | 2024-02-06 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | |||||
CVE-2023-51408 | 1 Studiowombat | 1 Wp Optin Wheel | 2024-02-06 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3. | |||||
CVE-2023-52146 | 2024-02-06 | N/A | 5.3 MEDIUM | ||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0. | |||||
CVE-2024-23840 | 1 Goreleaser | 1 Goreleaser | 2024-02-05 | N/A | 5.5 MEDIUM |
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0. | |||||
CVE-2023-43261 | 1 Milesight | 12 Ur32, Ur32 Firmware, Ur32l and 9 more | 2024-02-05 | N/A | 7.5 HIGH |
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | |||||
CVE-2023-36649 | 1 Prolion | 1 Cryptospike | 2024-02-05 | N/A | 9.1 CRITICAL |
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication. | |||||
CVE-2021-22143 | 1 Elastic | 1 Apm .net Agent | 2024-02-05 | N/A | 4.3 MEDIUM |
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent. | |||||
CVE-2023-46742 | 2024-02-05 | N/A | 6.5 MEDIUM | ||
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS. | |||||
CVE-2024-21668 | 1 Mrousavy | 1 React-native-mmkv | 2024-02-05 | N/A | 4.9 MEDIUM |
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0. | |||||
CVE-2024-23686 | 1 Owasp | 1 Dependency-check | 2024-02-05 | N/A | 5.3 MEDIUM |
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | |||||
CVE-2023-6687 | 1 Elastic | 1 Elastic Agent | 2024-02-05 | N/A | 6.5 MEDIUM |
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. |