Total
903 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18576 | 1 Dell | 1 Xtremio Management Server | 2024-11-21 | 6.7 Medium |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. | ||||
| CVE-2019-18385 | 1 Terra-master | 2 Fs-210, Fs-210 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. | ||||
| CVE-2019-18244 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.7 Medium |
| In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue. | ||||
| CVE-2019-18193 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.5 High |
| In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | ||||
| CVE-2019-17398 | 1 Darkhorse | 1 Dark Horse Comics | 2024-11-21 | 9.8 Critical |
| In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17397 | 1 Doordash | 1 Doordash | 2024-11-21 | 9.8 Critical |
| In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17396 | 1 Powerschool | 1 Powerschool Mobile | 2024-11-21 | 9.8 Critical |
| In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17395 | 1 Rapidgator | 1 Rapidgator | 2024-11-21 | 9.8 Critical |
| In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17394 | 1 Seesaw | 1 Parent And Family | 2024-11-21 | 9.8 Critical |
| In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17355 | 1 Orbitz | 1 Orbitz | 2024-11-21 | 9.8 Critical |
| In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-16528 | 1 Mediawiki | 1 Abusefilter | 2024-11-21 | 7.5 High |
| An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | ||||
| CVE-2019-16210 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.5 Medium |
| Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | ||||
| CVE-2019-16206 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.5 Medium |
| The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | ||||
| CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 High |
| Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | ||||
| CVE-2019-16203 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 High |
| Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | ||||
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 Medium |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | ||||
| CVE-2019-16116 | 1 Enterprisedt | 1 Completeftp Server | 2024-11-21 | 4.3 Medium |
| EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. | ||||
| CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2024-11-21 | N/A |
| In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | ||||
| CVE-2019-15507 | 1 Octopus | 1 Server | 2024-11-21 | N/A |
| In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | ||||
| CVE-2019-15294 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A |
| An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. | ||||