Vulnerabilities > Information Exposure Through Log Files
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-11-25 | CVE-2017-16946 | Information Exposure Through Log Files vulnerability in MISP 2.4.82 | The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | 4.9 |
2017-11-21 | CVE-2017-7550 | Information Exposure Through Log Files vulnerability in Red Hat Ansible and Enterprise Linux Server | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. | 9.8 |
2017-11-03 | CVE-2017-1000171 | Information Exposure Through Log Files vulnerability in Mahara Mobile 1.2.0 | Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | 9.8 |
2017-10-26 | CVE-2017-15366 | Information Exposure Through Log Files vulnerability in Ndocsoftware Ndoc 7.4 | Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. | 9.8 |
2017-10-20 | CVE-2017-6165 | Information Exposure Through Log Files vulnerability in F5 products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. | 9.8 |
2017-10-18 | CVE-2017-15572 | Information Exposure Through Log Files vulnerability in multiple products | In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | 7.5 |
2017-09-18 | CVE-2017-0380 | Information Exposure Through Log Files vulnerability in Torproject TOR | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 5.9 |
2017-08-01 | CVE-2017-11134 | Information Exposure Through Log Files vulnerability in Stashcat Heinekingmedia 1.7.5 | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. | 6.5 |
2017-07-25 | CVE-2015-3243 | Information Exposure Through Log Files vulnerability in Rsyslog | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | 5.5 |
2017-06-20 | CVE-2017-3744 | Information Exposure Through Log Files vulnerability in multiple products | In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. | 6.5 |