Vulnerabilities > Information Exposure Through Log Files
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-15 | CVE-2019-0004 | Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. | 5.5 |
2019-01-02 | CVE-2019-3500 | Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | 7.8 |
2018-12-28 | CVE-2018-15004 | Information Exposure Through Log Files vulnerability in Coolpad Canvas Firmware 7.0 The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. | 5.9 |
2018-12-28 | CVE-2018-15002 | Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 7.1.2 The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. | 4.7 |
2018-12-28 | CVE-2018-15001 | Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 1.0 The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. | 5.5 |
2018-12-28 | CVE-2018-14995 | Information Exposure Through Log Files vulnerability in Zteusa products The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. | 4.7 |
2018-12-22 | CVE-2018-19863 | Information Exposure Through Log Files vulnerability in Agilebits 1Password 7.2.3 An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. | 5.5 |
2018-12-05 | CVE-2018-15797 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry NFS Volume Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. | 8.8 |
2018-12-05 | CVE-2018-19865 | Information Exposure Through Log Files vulnerability in multiple products A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | 7.5 |
2018-12-05 | CVE-2018-19786 | Information Exposure Through Log Files vulnerability in Hashicorp Vault HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | 8.1 |