CWE:
 

Tytuł
Data
Autor
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-11-29
Medium
CVE-2021-38283

Vendor: Wipro
Software: Holmes
 

 
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.

 
Medium
CVE-2021-34800

Vendor: Acronis
Software: Agent
 

 
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147

 
2021-11-23
Low
CVE-2021-21561

Vendor: DELL
Software: Emc powersca...
 

 
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

 
2021-11-20
Low
CVE-2021-36340

Vendor: DELL
Software: Emc secure c...
 

 
Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

 
2021-11-19
Low
CVE-2021-22030

Vendor: Greenplum
Software: Greenplum
 

 
In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users

 
2021-11-18
Low
CVE-2021-27026

Vendor: Puppet
Software: Puppet
 

 
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged

 
2021-11-17
Low
CVE-2021-0148

Updating...
 

 
Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.

 
2021-11-12
Low
CVE-2021-3791

Updating...
 

 
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.

 
2021-11-09
Low
CVE-2020-10052

Vendor: Siemens
Software: Simatic rtls...
 

 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.

 
Medium
CVE-2021-40364

Vendor: Siemens
Software: Simatic pcs 7
 

 
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top