Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6746 | 1 Github | 1 Enterprise Server | 2024-12-16 | N/A | 8.1 HIGH |
| An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2024-28830 | 1 Checkmk | 1 Checkmk | 2024-12-04 | N/A | 2.7 LOW |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. | |||||
| CVE-2024-22335 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-04 | N/A | 5.1 MEDIUM |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. | |||||
| CVE-2024-22336 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-04 | N/A | 5.1 MEDIUM |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. | |||||
| CVE-2024-22337 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-03 | N/A | 5.1 MEDIUM |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. | |||||
| CVE-2023-50951 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-03 | N/A | 4.0 MEDIUM |
| IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. | |||||
| CVE-2024-47094 | 1 Checkmk | 1 Checkmk | 2024-12-03 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | |||||
| CVE-2024-6687 | 1 Thisfunctional | 1 Ctt Expresso Para Woocommerce | 2024-11-23 | N/A | 5.3 MEDIUM |
| The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses | |||||
| CVE-2024-6104 | 1 Hashicorp | 1 Retryablehttp | 2024-11-21 | N/A | 6.0 MEDIUM |
| go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. | |||||
| CVE-2024-5908 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | N/A | 7.5 HIGH |
| A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs. | |||||
| CVE-2024-5557 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-11-21 | N/A | 4.5 MEDIUM |
| CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. | |||||
| CVE-2024-4472 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.0 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs. | |||||
| CVE-2024-41824 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.4 MEDIUM |
| In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases | |||||
| CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A | 5.9 MEDIUM |
| A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | |||||
| CVE-2024-29945 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A | 7.2 HIGH |
| In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. | |||||
| CVE-2024-29177 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 2.7 LOW |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report. | |||||
| CVE-2024-25095 | 1 Codeparrots | 1 Easy Forms For Mailchimp | 2024-11-21 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | |||||
| CVE-2024-24939 | 1 Jetbrains | 1 Rider | 2024-11-21 | N/A | 3.3 LOW |
| In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | |||||
| CVE-2024-23840 | 1 Goreleaser | 1 Goreleaser | 2024-11-21 | N/A | 5.5 MEDIUM |
| GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0. | |||||
| CVE-2024-23791 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 4.9 MEDIUM |
| Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. | |||||