Total
903 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21319 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2025-21318 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2025-21317 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2025-21316 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-22 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2024-11923 | 2025-01-18 | N/A | 5.5 MEDIUM | ||
| Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3 | |||||
| CVE-2024-12226 | 2025-01-16 | N/A | 6.5 MEDIUM | ||
| In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly. | |||||
| CVE-2024-55891 | 2025-01-14 | N/A | 3.1 LOW | ||
| TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28351 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | N/A | 3.3 LOW |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim. | |||||
| CVE-2024-28186 | 1 Freescout | 1 Freescout | 2025-01-10 | N/A | 7.1 HIGH |
| FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the `/conversation/ajax-html/send_log?folder_id=&thread_id={id}` endpoint. The stack trace reveals value of parameters, including the username and password, passed to the `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()` function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid Storing Complete Stack Traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices. | |||||
| CVE-2024-25959 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 7.9 HIGH |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. | |||||
| CVE-2024-39532 | 2025-01-07 | N/A | 6.3 MEDIUM | ||
| An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO. | |||||
| CVE-2024-49816 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | N/A | 4.9 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | |||||
| CVE-2025-22275 | 2025-01-03 | N/A | 9.3 CRITICAL | ||
| iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation. | |||||
| CVE-2022-30148 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-01-02 | 2.1 LOW | 5.5 MEDIUM |
| Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | |||||
| CVE-2023-22869 | 1 Ibm | 1 Aspera Faspex | 2024-12-19 | N/A | 5.5 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. | |||||
| CVE-2023-20885 | 1 Pivotal | 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume | 2024-12-16 | N/A | 6.5 MEDIUM |
| Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | |||||
| CVE-2023-6746 | 1 Github | 1 Enterprise Server | 2024-12-16 | N/A | 8.1 HIGH |
| An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2024-54484 | 1 Apple | 1 Macos | 2024-12-13 | N/A | 5.5 MEDIUM |
| The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | |||||
| CVE-2024-12292 | 2024-12-12 | N/A | 4.0 MEDIUM | ||
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs. | |||||
| CVE-2024-42407 | 2024-12-12 | N/A | 8.5 HIGH | ||
| Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior. | |||||