CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-532

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-22733 532 2023-01-17 2023-01-25
0.0
None ??? ??? ??? ??? ??? ???
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove the log module ACL rights from all users or disable logging.
2 CVE-2022-44745 532 +Info 2022-11-07 2022-11-08
0.0
None ??? ??? ??? ??? ??? ???
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
3 CVE-2022-44624 532 2022-11-03 2022-11-03
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains TeamCity versions before 2022.10, password parameters could be exposed in the build log if they contained special characters.
4 CVE-2022-43887 532 Bypass 2022-12-19 2022-12-23
0.0
None ??? ??? ??? ??? ??? ???
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
5 CVE-2022-43673 532 2022-11-18 2022-11-23
0.0
None ??? ??? ??? ??? ??? ???
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
6 CVE-2022-41618 532 2022-11-18 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
7 CVE-2022-41553 532 2022-11-01 2023-01-17
0.0
None ??? ??? ??? ??? ??? ???
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
8 CVE-2022-40979 532 2022-09-23 2022-09-26
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains TeamCity before 2022.04.4, environment variables of "password" type could be logged when using a custom Perforce executable.
9 CVE-2022-39897 532 2022-12-08 2022-12-09
0.0
None ??? ??? ??? ??? ??? ???
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
10 CVE-2022-39893 532 2022-11-09 2022-11-10
0.0
None ??? ??? ??? ??? ??? ???
Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.
11 CVE-2022-39876 532 2022-10-07 2022-10-11
0.0
None ??? ??? ??? ??? ??? ???
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.
12 CVE-2022-39874 532 +Info 2022-10-07 2022-10-11
0.0
None ??? ??? ??? ??? ??? ???
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout.
13 CVE-2022-39821 532 2022-09-13 2022-10-01
0.0
None ??? ??? ??? ??? ??? ???
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
14 CVE-2022-39046 532 2022-08-31 2022-12-08
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
15 CVE-2022-38756 532 2022-12-16 2022-12-22
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
16 CVE-2022-38149 532 2022-08-17 2022-09-01
0.0
None ??? ??? ??? ??? ??? ???
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.
17 CVE-2022-38133 532 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains TeamCity before 2022.04.3, the private SSH key could be written to the server log in some cases.
18 CVE-2022-36877 532 2022-09-09 2022-09-21
0.0
None ??? ??? ??? ??? ??? ???
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.
19 CVE-2022-36321 532 2022-07-20 2022-07-27
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains TeamCity before 2022.04.2, the private SSH key could be written to the build log in some cases.
20 CVE-2022-35719 532 2022-11-14 2022-11-16
0.0
None ??? ??? ??? ??? ??? ???
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.
21 CVE-2022-34369 532 2022-09-02 2022-09-08
0.0
None ??? ??? ??? ??? ??? ???
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.
22 CVE-2022-33911 532 +Info 2022-07-12 2022-07-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
23 CVE-2022-33878 532 +Info 2022-11-02 2022-11-04
0.0
None ??? ??? ??? ??? ??? ???
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.
24 CVE-2022-33737 532 2022-07-06 2022-07-15
5.0
None Remote Low Not required Partial None None
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password.
25 CVE-2022-33697 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
26 CVE-2022-33693 532 2022-07-12 2022-07-15
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
27 CVE-2022-33688 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
28 CVE-2022-33687 532 2022-07-12 2022-07-16
2.1
None Local Low Not required Partial None None
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
29 CVE-2022-33187 532 2022-12-09 2022-12-12
0.0
None ??? ??? ??? ??? ??? ???
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
30 CVE-2022-32565 532 2022-06-13 2022-06-22
5.0
None Remote Low Not required Partial None None
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
31 CVE-2022-32556 532 2022-07-21 2022-07-27
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
32 CVE-2022-32254 532 2022-06-14 2022-06-23
5.0
None Remote Low Not required Partial None None
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.
33 CVE-2022-32217 532 +Info 2022-09-23 2022-09-27
0.0
None ??? ??? ??? ??? ??? ???
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to the OAuth token being leaked in plaintext in Rocket.Chat logs.
34 CVE-2022-32193 532 2022-06-13 2022-06-22
3.5
None Remote Medium ??? Partial None None
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
35 CVE-2022-31674 532 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
36 CVE-2022-31239 532 2022-10-21 2022-10-24
0.0
None ??? ??? ??? ??? ??? ???
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.
37 CVE-2022-31186 532 +Info 2022-08-01 2022-08-09
0.0
None ??? ??? ??? ??? ??? ???
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option by sanitizing the logs.
38 CVE-2022-31119 532 2022-08-04 2022-08-10
0.0
None ??? ??? ??? ??? ??? ???
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is recommended that Nextcloud Mail be upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.
39 CVE-2022-31098 532 2022-06-27 2022-07-11
4.3
None Remote Medium Not required Partial None None
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability.
40 CVE-2022-31047 532 2022-06-14 2022-06-23
4.0
None Remote Low ??? Partial None None
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
41 CVE-2022-30742 532 2022-06-07 2022-06-13
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
42 CVE-2022-30741 532 2022-06-07 2022-06-13
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
43 CVE-2022-30733 532 2022-06-07 2022-06-11
5.0
None Remote Low Not required Partial None None
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user's email or phone number without permission.
44 CVE-2022-30148 532 2022-06-15 2022-06-27
2.1
None Local Low Not required Partial None None
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability.
45 CVE-2022-29928 532 2022-05-12 2022-05-23
4.0
None Remote Low ??? Partial None None
In JetBrains TeamCity before 2022.04, a leak of secrets in TeamCity agent logs was possible.
46 CVE-2022-29810 532 2022-04-27 2022-10-06
2.1
None Local Low Not required Partial None None
The HashiCorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
47 CVE-2022-29550 532 2022-08-18 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness.
48 CVE-2022-28859 532 2022-05-05 2022-05-13
4.0
None Remote Low ??? Partial None None
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
49 CVE-2022-28774 532 2022-05-11 2022-10-26
1.9
None Local Medium Not required Partial None None
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
50 CVE-2022-28625 532 2022-08-31 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Total number of vulnerabilities: 451 (this is page 1 of 10)