Total
903 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20105 | 3 Opensuse, Suse, Yast2-rmt Project | 3 Leap, Suse Linux Enterprise Server, Yast2-rmt | 2024-11-21 | 4 Medium |
| A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. | ||||
| CVE-2018-1876 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | N/A |
| IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707. | ||||
| CVE-2018-1788 | 1 Ibm | 1 Spectrum Protect Server | 2024-11-21 | N/A |
| IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. | ||||
| CVE-2018-1768 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | N/A |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | ||||
| CVE-2018-1350 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. | ||||
| CVE-2018-1349 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. | ||||
| CVE-2018-1264 | 1 Pivotal Software | 1 Cloud Foundry Log Cache | 2024-11-21 | N/A |
| Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation. | ||||
| CVE-2018-1241 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-11-21 | N/A |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks. | ||||
| CVE-2018-1223 | 1 Pivotal | 1 Cloud Foundry Container Runtime | 2024-11-21 | 8.8 High |
| Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges. | ||||
| CVE-2018-1198 | 1 Pivotal Software | 1 Pivotal Cloud Cache | 2024-11-21 | N/A |
| Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password. | ||||
| CVE-2018-1117 | 2 Ovirt, Redhat | 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
| ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. | ||||
| CVE-2018-1075 | 2 Ovirt, Redhat | 2 Ovirt, Rhev Manager | 2024-11-21 | N/A |
| ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-1072 | 2 Ovirt, Redhat | 3 Ovirt, Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
| ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-19865 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-11-21 | N/A |
| A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | ||||
| CVE-2018-19863 | 1 Agilebits | 1 1password | 2024-11-21 | N/A |
| An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari. | ||||
| CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.3 High |
| HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | ||||
| CVE-2018-19583 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | ||||
| CVE-2018-19513 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | ||||
| CVE-2018-19014 | 1 Draeger | 8 Delta Xl, Delta Xl Firmware, Infinity Delta and 5 more | 2024-11-21 | N/A |
| Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. | ||||
| CVE-2018-1999036 | 1 Jenkins | 1 Ssh Agent | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. | ||||