Vulnerabilities > Information Exposure Through Log Files
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-26 | CVE-2017-15366 | Information Exposure Through Log Files vulnerability in Ndocsoftware Ndoc 7.4 Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. | 9.8 |
2017-10-20 | CVE-2017-6165 | Information Exposure Through Log Files vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. | 9.8 |
2017-10-18 | CVE-2017-15572 | Information Exposure Through Log Files vulnerability in multiple products In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | 7.5 |
2017-09-18 | CVE-2017-0380 | Information Exposure Through Log Files vulnerability in Torproject TOR The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 5.9 |
2017-08-01 | CVE-2017-11134 | Information Exposure Through Log Files vulnerability in Stashcat Heinekingmedia 1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. | 6.5 |
2017-07-25 | CVE-2015-3243 | Information Exposure Through Log Files vulnerability in Rsyslog rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | 5.5 |
2017-06-20 | CVE-2017-3744 | Information Exposure Through Log Files vulnerability in multiple products In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. | 6.5 |
2017-06-13 | CVE-2017-4955 | Information Exposure Through Log Files vulnerability in Pivotal Software Cloud Foundry Elastic Runtime An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. | 9.8 |
2017-05-09 | CVE-2016-6799 | Information Exposure Through Log Files vulnerability in Apache Cordova Product: Apache Cordova Android 5.2.2 and earlier. | 7.5 |
2017-04-23 | CVE-2017-8075 | Information Exposure Through Log Files vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. | 9.8 |