CWE:
 

Topic
Date
Author
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


CVEMAP Search Results

CVE
Details
Description
2019-11-15
Low
CVE-2019-6662

Vendor: F5
Software: Big-ip acces...
 

 
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.

 
2019-11-08
Low
CVE-2019-3866

Updating...
 

 
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

 
Low
CVE-2019-16210

Vendor: Broadcom
Software: Brocade sannav
 

 
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

 
Low
CVE-2019-16206

Vendor: Broadcom
Software: Brocade sannav
 

 
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ?trace? and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

 
2019-11-07
Medium
CVE-2013-1771

Vendor: Monkey-project
Software: Monkey
 

 
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.

 
2019-10-23
Medium
CVE-2019-18385

Updating...
 

 
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.

 
Low
CVE-2019-11283

Updating...
 

 
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

 
2019-10-15
Medium
CVE-2019-17397

Vendor: Doordash
Software: Doordash
 

 
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

 
2019-10-08
Low
CVE-2019-0380

Vendor: SAP
Software: Landscape ma...
 

 
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters? default values to be part of the application logs leading to Information Disclosure.

 
2019-10-02
Low
CVE-2019-10212

Vendor: Redhat
Software: Jboss data grid
 

 
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top