Vulnerabilities > Information Exposure Through Log Files

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0004 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users.
local
low complexity
juniper CWE-532
5.5
2019-01-02 CVE-2019-3500 Information Exposure Through Log Files vulnerability in multiple products
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
7.8
2018-12-28 CVE-2018-15004 Information Exposure Through Log Files vulnerability in Coolpad Canvas Firmware 7.0
The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user.
network
high complexity
coolpad CWE-532
5.9
2018-12-28 CVE-2018-15002 Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 7.1.2
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user.
local
high complexity
vivo CWE-532
4.7
2018-12-28 CVE-2018-15001 Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 1.0
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage.
local
low complexity
vivo CWE-532
5.5
2018-12-28 CVE-2018-14995 Information Exposure Through Log Files vulnerability in Zteusa products
The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device.
local
high complexity
zteusa CWE-532
4.7
2018-12-22 CVE-2018-19863 Information Exposure Through Log Files vulnerability in Agilebits 1Password 7.2.3
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS.
local
low complexity
agilebits CWE-532
5.5
2018-12-05 CVE-2018-15797 Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry NFS Volume
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand.
network
low complexity
pivotal-software CWE-532
8.8
2018-12-05 CVE-2018-19865 Information Exposure Through Log Files vulnerability in multiple products
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
network
low complexity
qt opensuse CWE-532
7.5
2018-12-05 CVE-2018-19786 Information Exposure Through Log Files vulnerability in Hashicorp Vault
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
network
high complexity
hashicorp CWE-532
8.1