Total
903 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30618 | 1 Kitchen-terraform Project | 1 Kitchen-terraform | 2025-02-04 | 3.2 Low |
| Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-43936 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.8 Medium |
| Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | ||||
| CVE-2022-43937 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.7 Medium |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | ||||
| CVE-2022-43935 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5.3 Medium |
| An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | ||||
| CVE-2022-43933 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 4.4 Medium |
| An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | ||||
| CVE-2024-29955 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 5 Medium |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
| CVE-2024-29957 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
| When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. | ||||
| CVE-2024-29958 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.5 High |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. | ||||
| CVE-2024-29959 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 8.6 High |
| A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. | ||||
| CVE-2025-24556 | 2025-02-03 | 7.5 High | ||
| Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4. | ||||
| CVE-2025-24169 | 1 Apple | 2 Macos, Safari | 2025-01-31 | 7.5 High |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication. | ||||
| CVE-2024-40679 | 1 Ibm | 1 Db2 | 2025-01-31 | 5.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | ||||
| CVE-2025-24884 | 2025-01-31 | N/A | ||
| kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16. | ||||
| CVE-2025-24457 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 5.5 Medium |
| In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | ||||
| CVE-2023-31207 | 1 Checkmk | 1 Checkmk | 2025-01-30 | 4.4 Medium |
| Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | ||||
| CVE-2024-22339 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-29 | 4.3 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. | ||||
| CVE-2024-45091 | 1 Ibm | 1 Urbancode Deploy | 2025-01-29 | 6.2 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | ||||
| CVE-2023-31413 | 1 Elastic | 1 Filebeat | 2025-01-29 | 5.5 Medium |
| Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | ||||
| CVE-2024-25957 | 1 Dell | 1 Grab | 2025-01-28 | 4.8 Medium |
| Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. | ||||
| CVE-2023-38271 | 1 Ibm | 1 Cloud Pak System | 2025-01-27 | 4.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. | ||||