Total
881 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44989 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5. | |||||
| CVE-2023-44155 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-43485 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-43043 | 2024-11-21 | N/A | 5.1 MEDIUM | ||
| IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. | |||||
| CVE-2023-42857 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | |||||
| CVE-2023-41934 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked. | |||||
| CVE-2023-41308 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-41263 | 1 Plixer | 1 Scrutinizer | 2024-11-21 | N/A | 3.7 LOW |
| An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information. | |||||
| CVE-2023-41254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data. | |||||
| CVE-2023-41253 | 1 F5 | 2 Big-ip Domain Name System, Big-ip Local Traffic Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
| When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-40694 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | |||||
| CVE-2023-40682 | 1 Ibm | 1 App Connect Enterprise | 2024-11-21 | N/A | 4.4 MEDIUM |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. | |||||
| CVE-2023-40442 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | |||||
| CVE-2023-40405 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. | |||||
| CVE-2023-40392 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-40338 | 1 Jenkins | 1 Folders | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. | |||||
| CVE-2023-40029 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | N/A | 9.9 CRITICAL |
| Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal. | |||||
| CVE-2023-3993 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. | |||||
| CVE-2023-3363 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.9 LOW |
| An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`. | |||||
| CVE-2023-3350 | 1 Ayesa | 1 Ibermatica Rps | 2024-11-21 | N/A | 8.2 HIGH |
| A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | |||||