CWE:

Low
Topic: Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
Date: 22.12.2017
Author: CORE


CVEMAP Search Results

CVE
Details
Description
2021-04-12
Low
CVE-2021-24024

Vendor: Fortinet
Software: Fortiadc

A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.

2021-04-01
Medium
CVE-2021-23924

Vendor: Devolutions
Software: Devolutions ...

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

Low
CVE-2021-3447

Vendor: Redhat
Software: Ansible

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.

2021-03-25
Low
CVE-2021-25350

Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.

2021-03-24
Medium
CVE-2021-1442

Vendor: Oracle
Software: Cisco ios xe...

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI `show pnp profile` when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.

2021-03-22
Low
CVE-2021-22310

There is an information leakage vulnerability in some Huawei products. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00, V500R001C20, V500R001C30; NIP6600 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6300 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6500 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6600 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80; USG9500 versions V500R005C00, V500R005C10.

2021-03-09
Low
CVE-2021-21361

Vendor: Vagrant project
Software: Vagrant

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.

2021-02-11
Low
CVE-2021-25688

Vendor: Teradici
Software: Pcoip graphi...

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.

2021-02-10
Low
CVE-2021-22133

Vendor: Elastic
Software: Apm agent

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

Low
CVE-2020-7021

Vendor: Elastic
Software: Elasticsearch

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

Copyright 2021, cxsecurity.com