Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38133 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 3.2 LOW |
| In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases | |||||
| CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-11-21 | N/A | 2.8 LOW |
| Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. | |||||
| CVE-2022-36321 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.1 MEDIUM |
| In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases | |||||
| CVE-2022-35719 | 1 Ibm | 1 Mq Internet Pass-thru | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | |||||
| CVE-2022-34826 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | N/A | 5.9 MEDIUM |
| In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. | |||||
| CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | |||||
| CVE-2022-34369 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 8.1 HIGH |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. | |||||
| CVE-2022-33911 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. | |||||
| CVE-2022-33737 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password | |||||
| CVE-2022-33697 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | |||||
| CVE-2022-33693 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.0 LOW |
| Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | |||||
| CVE-2022-33688 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | |||||
| CVE-2022-33687 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | |||||
| CVE-2022-33187 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | N/A | 5.5 MEDIUM |
| Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | |||||
| CVE-2022-32565 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | |||||
| CVE-2022-32556 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. | |||||
| CVE-2022-32254 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | |||||
| CVE-2022-32193 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | |||||
| CVE-2022-31239 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. | |||||
| CVE-2022-31186 | 1 Next-auth | 1 Nextauth.js | 2024-11-21 | N/A | 3.3 LOW |
| NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs. | |||||