Total
947 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5549 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2017-7550 | 1 Redhat | 2 Ansible, Enterprise Linux Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. | |||||
| CVE-2017-11134 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them. | |||||
| CVE-2015-3243 | 1 Rsyslog | 1 Rsyslog | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | |||||
| CVE-2016-9344 | 1 Moxa | 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. | |||||
| CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2017-15366 | 1 Ndocsoftware | 1 Ndoc | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required. | |||||
| CVE-2017-5137 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2025-04-20 | 5.0 MEDIUM | 6.2 MEDIUM |
| An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||||
| CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | |||||
| CVE-2015-8977 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||||
| CVE-2017-7214 | 1 Openstack | 1 Nova | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2025-04-20 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2017-0380 | 1 Torproject | 1 Tor | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | |||||
| CVE-2017-16946 | 1 Misp | 1 Misp | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | |||||
| CVE-2017-3744 | 2 Ibm, Lenovo | 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. | |||||
| CVE-2016-10362 | 1 Elasticsearch | 1 Output Plugin | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. | |||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||||
| CVE-2016-6799 | 1 Apache | 1 Cordova | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | |||||
| CVE-2017-1000171 | 1 Mahara | 1 Mahara Mobile | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | |||||