Total
904 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3993 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. | |||||
| CVE-2023-3363 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.9 LOW |
| An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`. | |||||
| CVE-2023-3350 | 1 Ayesa | 1 Ibermatica Rps | 2024-11-21 | N/A | 8.2 HIGH |
| A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | |||||
| CVE-2023-3349 | 1 Ayesa | 1 Ibermatica Rps | 2024-11-21 | N/A | 8.2 HIGH |
| Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. | |||||
| CVE-2023-3335 | 2 Hitachi, Linux | 2 Ops Center Administrator, Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | |||||
| CVE-2023-39447 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-11-21 | N/A | 4.4 MEDIUM |
| When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-39348 | 1 Linuxfoundation | 1 Spinnaker | 2024-11-21 | N/A | 4.0 MEDIUM |
| Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope. | |||||
| CVE-2023-38733 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. | |||||
| CVE-2023-38732 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. | |||||
| CVE-2023-38067 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log | |||||
| CVE-2023-38064 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log | |||||
| CVE-2023-37224 | 1 Archerirm | 1 Archer | 2024-11-21 | N/A | 6.0 MEDIUM |
| An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. | |||||
| CVE-2023-36649 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 9.1 CRITICAL |
| Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication. | |||||
| CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 7.5 HIGH |
| A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | |||||
| CVE-2023-34223 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases | |||||
| CVE-2023-34097 | 1 Hoppscotch | 1 Hoppscotch | 2024-11-21 | N/A | 7.8 HIGH |
| hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32491 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-32478 | 1 Dell | 1 Powerstoreos | 2024-11-21 | N/A | 9.0 CRITICAL |
| Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. | |||||
| CVE-2023-32468 | 1 Dell | 1 Ecs Streamer | 2024-11-21 | N/A | 5.8 MEDIUM |
| Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data. | |||||
| CVE-2023-32455 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||