Total
1040 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6709 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. | |||||
| CVE-2017-7550 | 1 Redhat | 2 Ansible, Enterprise Linux Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. | |||||
| CVE-2017-1000171 | 1 Mahara | 1 Mahara Mobile | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2025-04-20 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2016-8912 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. | |||||
| CVE-2016-9882 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. | |||||
| CVE-2016-9985 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. | |||||
| CVE-2017-15572 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | |||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | |||||
| CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2017-16946 | 1 Misp | 1 Misp | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | |||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
| CVE-2017-5137 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2025-04-20 | 5.0 MEDIUM | 6.2 MEDIUM |
| An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||||
| CVE-2015-8977 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||||
| CVE-2017-4955 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile. | |||||
| CVE-2016-10362 | 1 Elasticsearch | 1 Output Plugin | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. | |||||
| CVE-2017-15366 | 1 Ndocsoftware | 1 Ndoc | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required. | |||||
| CVE-2017-6139 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. | |||||
| CVE-2017-3744 | 2 Ibm, Lenovo | 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. | |||||
| CVE-2017-0380 | 1 Torproject | 1 Tor | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | |||||