
Topic
Date
Author
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


CVEMAP Search Results

CVE
Details
Description
2019-08-08
Low
CVE-2018-20956

Vendor: Swann
Software: Swwhd-intcam...
 

 
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.

 
Medium
CVE-2019-1961

 

 
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.

 
Low
CVE-2019-1953

 

 
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability.

 
2019-08-07
Low
CVE-2019-10367

Vendor: Jenkins
Software: Configuratio...
 

 
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.

 
2019-08-05
Low
CVE-2019-4284

Vendor: IBM
Software: Cloud private
 

 
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

 
2019-08-02
Low
CVE-2017-18423

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

 
Low
CVE-2017-18412

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

 
Low
CVE-2017-18426

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).

 
2019-08-01
Low
CVE-2016-10819

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

 
2019-07-31
Low
CVE-2019-10343

Vendor: Jenkins
Software: Configuratio...
 

 
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

 

 


Copyright 2019, cxsecurity.com

 
