CWE:
 

Topic
Date
Author
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


CVEMAP Search Results

CVE
Details
Description
2020-02-13
Low
CVE-2020-0018

Vendor: Google
Software: Android
 

 
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139945049

 
2020-01-27
Low
CVE-2018-20105

Vendor: Yast2-rmt project
Software: Yast2-rmt
 

 
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

 
2020-01-24
Medium
CVE-2020-5225

Vendor: Simplesamlphp
Software: Simplesamlphp
 

 
Log injection in SimpleSAMLphp before version 1.18.4. The www/errorreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

 
2020-01-15
Low
CVE-2019-18244

Vendor: Osisoft
Software: Pi vision
 

 
OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019. The affected product records the service account password in the installation log files when a non-default service account and password are specified during installation or upgrade.

 
2020-01-07
Low
CVE-2019-14854

Vendor: Redhat
Software: Openshift co...
 

 
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

 
2020-01-02
Low
CVE-2019-14864

Vendor: Redhat
Software: Ansible
 

 
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.

 
2019-12-23
Medium
CVE-2019-3429

Vendor: ZTE
Software: Zxcloud gold...
 

 
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.

 
Low
CVE-2019-19150

Vendor: F5
Software: Big-ip acces...
 

 
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.

 
2019-12-15
Low
CVE-2014-3536

Vendor: Redhat
Software: Cloudforms m...
 

 
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration

 
2019-12-12
Low
CVE-2019-10695

Vendor: Puppet
Software: Continuous d...
 

 
When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user's username and password were exposed in the job's Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.

 

 


Copyright 2020, cxsecurity.com

 
