Total
902 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-50740 | 1 Apache | 1 Linkis | 2025-05-07 | N/A | 5.3 MEDIUM |
In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0 | |||||
CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2025-05-07 | N/A | 6.8 MEDIUM |
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | |||||
CVE-2022-3499 | 1 Tenable | 1 Nessus | 2025-05-05 | N/A | 6.5 MEDIUM |
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | |||||
CVE-2024-23758 | 1 Unisys | 1 Stealth | 2025-05-02 | N/A | 7.5 HIGH |
An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. | |||||
CVE-2025-3911 | 2025-05-02 | N/A | N/A | ||
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user. | |||||
CVE-2023-43261 | 1 Milesight | 12 Ur32, Ur32 Firmware, Ur32l and 9 more | 2025-05-01 | N/A | 7.5 HIGH |
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | |||||
CVE-2022-43673 | 1 Wire | 1 Wire | 2025-04-30 | N/A | 4.7 MEDIUM |
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. | |||||
CVE-2025-46614 | 2025-04-29 | N/A | 3.3 LOW | ||
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. | |||||
CVE-2022-2721 | 1 Octopus | 1 Octopus Server | 2025-04-25 | N/A | 7.5 HIGH |
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | |||||
CVE-2025-2092 | 2025-04-23 | N/A | N/A | ||
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | |||||
CVE-2025-2300 | 2025-04-23 | N/A | 5.5 MEDIUM | ||
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00. | |||||
CVE-2017-11134 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them. | |||||
CVE-2017-5549 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | |||||
CVE-2017-16946 | 1 Misp | 1 Misp | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | |||||
CVE-2017-5137 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2025-04-20 | 5.0 MEDIUM | 6.2 MEDIUM |
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||||
CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | |||||
CVE-2016-9344 | 1 Moxa | 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. | |||||
CVE-2017-8074 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-7550 | 1 Redhat | 2 Ansible, Enterprise Linux Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. | |||||
CVE-2017-1000171 | 1 Mahara | 1 Mahara Mobile | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. |