Total
881 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0042 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. | |||||
| CVE-2017-9278 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
| The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | |||||
| CVE-2017-9271 | 2 Fedoraproject, Opensuse | 2 Fedora, Zypper | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | |||||
| CVE-2017-7434 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
| In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. | |||||
| CVE-2017-2592 | 2 Canonical, Openstack | 2 Ubuntu Linux, Oslo.middleware | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
| python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens). | |||||
| CVE-2017-1795 | 1 Ibm | 1 Websphere Mq Managed File Transfer | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. | |||||
| CVE-2017-1733 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914. | |||||
| CVE-2017-1727 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | |||||
| CVE-2017-1480 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617. | |||||
| CVE-2017-1198 | 1 Ibm | 1 Bigfix Compliance | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673. | |||||
| CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | |||||
| CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | |||||
| CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | |||||
| CVE-2017-17675 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data. | |||||
| CVE-2017-15113 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2024-11-21 | 3.5 LOW | 7.2 HIGH |
| ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. | |||||
| CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
| CVE-2016-10526 | 1 Grunt-gh-pages Project | 1 Grunt-gh-pages | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | |||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | |||||
| CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 5.0 MEDIUM | 2.0 LOW |
| All versions of unity-scope-gdrive logs search terms to syslog. | |||||
| CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | |||||