Vulnerabilities (CVE)

Filtered by CWE-532
Total 902 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50740 1 Apache 1 Linkis 2025-05-07 N/A 5.3 MEDIUM
In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.  We recommend users upgrade the version of Linkis to version 1.5.0
CVE-2022-3018 1 Gitlab 1 Gitlab 2025-05-07 N/A 6.8 MEDIUM
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.
CVE-2022-3499 1 Tenable 1 Nessus 2025-05-05 N/A 6.5 MEDIUM
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
CVE-2024-23758 1 Unisys 1 Stealth 2025-05-02 N/A 7.5 HIGH
An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.
CVE-2025-3911 2025-05-02 N/A N/A
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.
CVE-2023-43261 1 Milesight 12 Ur32, Ur32 Firmware, Ur32l and 9 more 2025-05-01 N/A 7.5 HIGH
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
CVE-2022-43673 1 Wire 1 Wire 2025-04-30 N/A 4.7 MEDIUM
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
CVE-2025-46614 2025-04-29 N/A 3.3 LOW
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.
CVE-2022-2721 1 Octopus 1 Octopus Server 2025-04-25 N/A 7.5 HIGH
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.
CVE-2025-2092 2025-04-23 N/A N/A
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.
CVE-2025-2300 2025-04-23 N/A 5.5 MEDIUM
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.
CVE-2017-11134 1 Stashcat 1 Heinekingmedia 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
CVE-2017-5549 1 Linux 1 Linux Kernel 2025-04-20 2.1 LOW 5.5 MEDIUM
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
CVE-2017-16946 1 Misp 1 Misp 2025-04-20 4.0 MEDIUM 4.9 MEDIUM
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
CVE-2017-5137 1 Sendquick 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more 2025-04-20 5.0 MEDIUM 6.2 MEDIUM
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.
CVE-2017-9615 1 Cognito 1 Moneyworks 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
CVE-2016-9344 1 Moxa 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
CVE-2017-8074 1 Tp-link 2 Tl-sg108e, Tl-sg108e Firmware 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVE-2017-7550 1 Redhat 2 Ansible, Enterprise Linux Server 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
CVE-2017-1000171 1 Mahara 1 Mahara Mobile 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.