CWE:
 

Title
Date
Author
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-05-09
Low
CVE-2022-28161

Vendor: Brocade
Software: Sannav
 

 
An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

 
2022-05-05
Low
CVE-2022-27636

Vendor: F5
Software: Big-ip acces...
 

 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

 
Low
CVE-2022-28859

Vendor: F5
Software: Big-ip acces...
 

 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

 
2022-04-27
Medium
CVE-2021-38939

 

 
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037.

 
Low
CVE-2022-29810

Vendor: Hashicorp
Software: Go-getter
 

 
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

 
2022-04-11
Low
CVE-2022-1157

Vendor: Gitlab
Software: Gitlab
 

 
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged.

 
2022-04-06
Medium
CVE-2021-45103

Vendor: WISC
Software: Htcondor
 

 
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.

 
2022-04-04
Medium
CVE-2022-27442

Vendor: Tpcms project
Software: Tpcms
 

 
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.

 
2022-03-31
Medium
CVE-2022-24758

Vendor: Jupyter
Software: Notebook
 

 
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.

 
2022-03-30
Low
CVE-2021-39739

Vendor: Google
Software: Android
 

 
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-184525194

 

 


Copyright 2022, cxsecurity.com

 
