Total
881 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29958 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 7.5 HIGH |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. | |||||
| CVE-2024-29959 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 8.6 HIGH |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. | |||||
| CVE-2025-24556 | 2025-02-03 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4. | |||||
| CVE-2025-24169 | 1 Apple | 2 Macos, Safari | 2025-01-31 | N/A | 7.5 HIGH |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication. | |||||
| CVE-2024-25030 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 6.2 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677. | |||||
| CVE-2024-40679 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | |||||
| CVE-2025-24457 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 5.5 MEDIUM |
| In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | |||||
| CVE-2023-31207 | 1 Checkmk | 1 Checkmk | 2025-01-30 | N/A | 4.4 MEDIUM |
| Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | |||||
| CVE-2024-22339 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-29 | N/A | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. | |||||
| CVE-2025-24884 | 2025-01-29 | N/A | N/A | ||
| kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16. | |||||
| CVE-2024-45091 | 1 Ibm | 1 Urbancode Deploy | 2025-01-29 | N/A | 6.2 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | |||||
| CVE-2024-48852 | 2025-01-29 | N/A | 9.4 CRITICAL | ||
| Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4. | |||||
| CVE-2023-31413 | 1 Elastic | 1 Filebeat | 2025-01-29 | N/A | 3.3 LOW |
| Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | |||||
| CVE-2024-25957 | 1 Dell | 1 Grab | 2025-01-28 | N/A | 4.8 MEDIUM |
| Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. | |||||
| CVE-2025-24389 | 2025-01-27 | N/A | 6.3 MEDIUM | ||
| Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | |||||
| CVE-2023-38271 | 2025-01-25 | N/A | 4.3 MEDIUM | ||
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | |||||
| CVE-2024-12569 | 2025-01-23 | N/A | 7.8 HIGH | ||
| Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | |||||
| CVE-2025-24034 | 2025-01-23 | N/A | 3.2 LOW | ||
| Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`. | |||||
| CVE-2023-33001 | 1 Jenkins | 1 Hashicorp Vault | 2025-01-23 | N/A | 7.5 HIGH |
| Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2025-21323 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||