Vulnerabilities > Information Exposure Through Log Files

DATE CVE VULNERABILITY TITLE RISK
2017-10-26 CVE-2017-15366 Information Exposure Through Log Files vulnerability in Ndocsoftware Ndoc 7.4
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password.
network
low complexity
ndocsoftware CWE-532
critical
9.8
2017-10-20 CVE-2017-6165 Information Exposure Through Log Files vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.
network
low complexity
f5 CWE-532
critical
9.8
2017-10-18 CVE-2017-15572 Information Exposure Through Log Files vulnerability in multiple products
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
network
low complexity
redmine debian CWE-532
7.5
2017-09-18 CVE-2017-0380 Information Exposure Through Log Files vulnerability in Torproject TOR
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
network
high complexity
torproject CWE-532
5.9
2017-08-01 CVE-2017-11134 Information Exposure Through Log Files vulnerability in Stashcat Heinekingmedia 1.7.5
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android.
network
low complexity
stashcat CWE-532
6.5
2017-07-25 CVE-2015-3243 Information Exposure Through Log Files vulnerability in Rsyslog
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
local
low complexity
rsyslog CWE-532
5.5
2017-06-20 CVE-2017-3744 Information Exposure Through Log Files vulnerability in multiple products
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running.
network
low complexity
lenovo ibm CWE-532
6.5
2017-06-13 CVE-2017-4955 Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5.
network
low complexity
pivotal-software CWE-532
critical
9.8
2017-05-09 CVE-2016-6799 Information Exposure Through Log Files vulnerability in Apache Cordova
Product: Apache Cordova Android 5.2.2 and earlier.
network
low complexity
apache CWE-532
7.5
2017-04-23 CVE-2017-8075 Information Exposure Through Log Files vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext.
network
low complexity
tp-link CWE-532
critical
9.8