Vulnerabilities (CVE)

Filtered by CWE-532
Total 766 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45825 1 Ydb 1 Ydb-go-sdk 2024-11-21 N/A 5.5 MEDIUM
ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using `fmt.Errorf("something went wrong (credentials: %q)", credentials)` during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read sensitive information (i.e. credentials) information and use it to get access to the database. ydb-go-sdk contains this problem in versions from v3.48.6 to v3.53.2. The fix for this problem has been released in version v3.53.3. Users are advised to upgrade. Users unable to upgrade should implement the `fmt.Stringer` interface in your custom credentials type with explicit stringify of object state.
CVE-2023-45809 1 Torchbox 1 Wagtail 2024-11-21 N/A 2.7 LOW
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-45585 1 Fortinet 1 Fortisiem 2024-11-21 N/A 2.3 LOW
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.
CVE-2023-45241 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2024-11-21 N/A 5.5 MEDIUM
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
CVE-2023-44989 2024-11-21 N/A 7.5 HIGH
Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
CVE-2023-44483 1 Apache 1 Santuario Xml Security For Java 2024-11-21 N/A 6.5 MEDIUM
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
CVE-2023-44155 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-11-21 N/A 7.5 HIGH
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVE-2023-43485 1 F5 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more 2024-11-21 N/A 5.5 MEDIUM
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-43261 1 Milesight 12 Ur32, Ur32 Firmware, Ur32l and 9 more 2024-11-21 N/A 7.5 HIGH
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
CVE-2023-43043 2024-11-21 N/A 5.1 MEDIUM
IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.
CVE-2023-42857 1 Apple 3 Ipados, Iphone Os, Macos 2024-11-21 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
CVE-2023-41934 1 Jenkins 1 Pipeline Maven Integration 2024-11-21 N/A 5.3 MEDIUM
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
CVE-2023-41308 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 7.5 HIGH
Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-41263 1 Plixer 1 Scrutinizer 2024-11-21 N/A 3.7 LOW
An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.
CVE-2023-41254 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-11-21 N/A 5.5 MEDIUM
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
CVE-2023-41253 1 F5 2 Big-ip Domain Name System, Big-ip Local Traffic Manager 2024-11-21 N/A 5.5 MEDIUM
When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-40694 2024-11-21 N/A 6.2 MEDIUM
IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.
CVE-2023-40682 1 Ibm 1 App Connect Enterprise 2024-11-21 N/A 4.4 MEDIUM
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.
CVE-2023-40442 1 Apple 3 Ipados, Iphone Os, Macos 2024-11-21 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
CVE-2023-40425 1 Apple 1 Macos 2024-11-21 N/A 4.4 MEDIUM
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information.