CWE:
 

Topic
Date
Author
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


CVEMAP Search Results

CVE
Details
Description
2019-07-11
Low
CVE-2019-10194

Vendor: Ovirt
Software: Ovirt
 

 
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.

 
2019-07-10
Low
CVE-2018-19583

Vendor: Gitlab
Software: Gitlab
 

 
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.

 
2019-07-01
Low
CVE-2019-4299

Updating...
 

 
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

 
2019-06-26
Low
CVE-2019-4225

Vendor: IBM
Software: Pureapplicat...
 

 
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

 
2019-06-14
Low
CVE-2019-10159

Updating...
 

 
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

 
2019-05-23
Low
CVE-2019-4039

Vendor: IBM
Software: Websphere mq
 

 
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.

 
2019-05-14
Low
CVE-2019-11336

Updating...
 

 
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.

 
2019-05-03
Low
CVE-2019-6158

Vendor: Lenovo
Software: Xclarity adm...
 

 
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

 
2019-04-26
Medium
CVE-2019-11492

Vendor: Projectsend
Software: Projectsend
 

 
ProjectSend before r1070 writes user passwords to the server logs.

 
2019-04-24
Medium
CVE-2019-9734

Vendor: Aquaverde
Software: Aquarius cms
 

 
Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top