CWE:
 

Topic
Date
Author
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


CVEMAP Search Results

CVE
Details
Description
2019-06-14
Low
CVE-2019-10159

 

 
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

 
2019-05-23
Low
CVE-2019-4039

Vendor: IBM
Software: Websphere mq
 

 
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.

 
2019-05-14
Low
CVE-2019-11336

 

 
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.

 
2019-05-03
Low
CVE-2019-6158

Vendor: Lenovo
Software: Xclarity adm...
 

 
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

 
2019-04-26
Medium
CVE-2019-11492

Vendor: Projectsend
Software: Projectsend
 

 
ProjectSend before r1070 writes user passwords to the server logs.

 
2019-04-24
Medium
CVE-2019-9734

Vendor: Aquaverde
Software: Aquarius cms
 

 
aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file because of incorrect if/else usage in the Log-File writer component.

 
Medium
CVE-2019-9724

Vendor: Aquaverde
Software: Aquarius cms
 

 
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.

 
2019-04-22
Medium
CVE-2019-6157

Vendor: IBM
Software: Bladecenter ...
 

 
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.

 
Medium
CVE-2015-1343

Vendor: Canonical
Software: Ubuntu linux
 

 
All versions of unity-scope-gdrive log search terms to syslog.

 
2019-04-15
Low
CVE-2019-3891

Vendor: Redhat
Software: Satellite
 

 
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

 

 


Copyright 2019, cxsecurity.com

 
