Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23677 | 1 Splunk | 2 Cloud, Splunk | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | |||||
| CVE-2024-23448 | 1 Elastic | 1 Apm Server | 2024-11-21 | N/A | 5.7 MEDIUM |
| An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. | |||||
| CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2024-11-21 | N/A | 6.2 MEDIUM |
| Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | |||||
| CVE-2024-22352 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. | |||||
| CVE-2024-21668 | 1 Mrousavy | 1 React-native-mmkv | 2024-11-21 | N/A | 4.4 MEDIUM |
| react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0. | |||||
| CVE-2024-0935 | 1 3ds | 1 Delmia Apriso | 2024-11-21 | N/A | 4.4 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024 | |||||
| CVE-2024-0912 | 1 Johnsoncontrols | 1 Software House C-cure 9000 Siteserver | 2024-11-21 | N/A | 4.2 MEDIUM |
| Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions | |||||
| CVE-2024-0831 | 1 Hashicorp | 1 Vault | 2024-11-21 | N/A | 4.5 MEDIUM |
| Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. | |||||
| CVE-2024-0716 | 1 Byzoro | 2 Smart S150, Smart S150 Firmware | 2024-11-21 | 2.1 LOW | 3.1 LOW |
| A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0472 | 1 Code-projects | 1 Dormitory Management System | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability. | |||||
| CVE-2023-6802 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 7.2 HIGH |
| An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6687 | 1 Elastic | 1 Elastic Agent | 2024-11-21 | N/A | 6.8 MEDIUM |
| An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. | |||||
| CVE-2023-6287 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2024-11-21 | N/A | 3.3 LOW |
| Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | |||||
| CVE-2023-5499 | 1 Reachfargps | 2 Reachfar Gps, Reachfar Gps Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations. | |||||
| CVE-2023-5339 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | N/A | 4.7 MEDIUM |
| Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. | |||||
| CVE-2023-5182 | 1 Canonical | 1 Subiquity | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | |||||
| CVE-2023-5028 | 1 Chinaunicom | 2 Tewa-800g, Tewa-800g Firmware | 2024-11-21 | 1.2 LOW | 2.0 LOW |
| A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-50253 | 1 Laf | 1 Laf | 2024-11-21 | N/A | 9.6 CRITICAL |
| Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. | |||||
| CVE-2023-4688 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | |||||
| CVE-2023-4677 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 7.0 HIGH |
| Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772. | |||||