Vulnerabilities > Information Exposure Through Log Files
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-05 | CVE-2017-1198 | Information Exposure Through Log Files vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. | 5.3 |
| 2019-01-28 | CVE-2018-19014 | Information Exposure Through Log Files vulnerability in Draeger products Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. | 6.5 |
| 2019-01-15 | CVE-2019-0029 | Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. | 7.8 |
| 2019-01-15 | CVE-2019-0021 | Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. | 5.5 |
| 2019-01-15 | CVE-2019-0004 | Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. | 5.5 |
| 2019-01-02 | CVE-2019-3500 | Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | 7.8 |
| 2018-12-28 | CVE-2018-15004 | Information Exposure Through Log Files vulnerability in Coolpad Canvas Firmware 7.0 The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. | 5.9 |
| 2018-12-28 | CVE-2018-15002 | Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 7.1.2 The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. | 4.7 |
| 2018-12-28 | CVE-2018-15001 | Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 1.0 The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. | 5.5 |
| 2018-12-28 | CVE-2018-14995 | Information Exposure Through Log Files vulnerability in Zteusa products The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. | 4.7 |