Total
979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25518 | 1 Tecnoteca | 1 Cmdbuild | 2024-11-21 | 6.5 Medium |
| In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table. | ||||
| CVE-2022-25477 | 1 Realtek | 2 Rtsper, Rtsuer | 2024-11-21 | 5.5 Medium |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR. | ||||
| CVE-2022-25374 | 1 Hashicorp | 1 Terraform Enterprise | 2024-11-21 | 7.5 High |
| HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1. | ||||
| CVE-2022-23715 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 6.5 Medium |
| A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore | ||||
| CVE-2022-23141 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2024-11-21 | 7.5 High |
| ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. | ||||
| CVE-2022-22939 | 1 Vmware | 1 Cloud Foundation | 2024-11-21 | 4.9 Medium |
| VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. | ||||
| CVE-2022-22703 | 2 Microsoft, Stormshield | 2 Windows, Network Security | 2024-11-21 | 5.5 Medium |
| In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | ||||
| CVE-2022-20809 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20807 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20806 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20768 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-11-21 | 4.9 Medium |
| A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. | ||||
| CVE-2022-20651 | 1 Cisco | 1 Adaptive Security Device Manager | 2024-11-21 | 5.5 Medium |
| A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device. | ||||
| CVE-2022-20278 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113 | ||||
| CVE-2022-1157 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged | ||||
| CVE-2022-0725 | 2 Fedoraproject, Keepass | 3 Extra Packages For Enterprise Linux, Fedora, Keepass | 2024-11-21 | 7.5 High |
| A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. | ||||
| CVE-2022-0718 | 3 Debian, Openstack, Redhat | 5 Debian Linux, Oslo.utils, Openshift Container Platform and 2 more | 2024-11-21 | 4.9 Medium |
| A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | ||||
| CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 3.3 Low |
| Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | ||||
| CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2024-11-21 | 4.3 Medium |
| Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | ||||
| CVE-2022-0021 | 2 Microsoft, Paloaltonetworks | 2 Windows, Globalprotect | 2024-11-21 | 3.3 Low |
| An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. | ||||
| CVE-2021-45449 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 5.5 Medium |
| Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | ||||