Total
993 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1698 | 1 Redhat | 3 Keycloak, Openshift Application Runtimes, Red Hat Single Sign On | 2024-11-21 | 5 Medium |
| A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-1624 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | ||||
| CVE-2020-1623 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1. | ||||
| CVE-2020-1622 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | ||||
| CVE-2020-1621 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | ||||
| CVE-2020-1620 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.5 Medium |
| A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | ||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | ||||
| CVE-2020-15581 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). | ||||
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
| Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | ||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 Medium |
| Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | ||||
| CVE-2020-15095 | 4 Fedoraproject, Npmjs, Opensuse and 1 more | 6 Fedora, Npm, Leap and 3 more | 2024-11-21 | 4.4 Medium |
| Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. | ||||
| CVE-2020-14470 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 6.5 Medium |
| In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | ||||
| CVE-2020-14332 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-14330 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-11-21 | 5 Medium |
| An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-13881 | 4 Arista, Canonical, Debian and 1 more | 4 Cloudvision Portal, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | ||||
| CVE-2020-13830 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). | ||||
| CVE-2020-13223 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 High |
| HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2. | ||||
| CVE-2020-11968 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-11-21 | 7.5 High |
| In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time” | ||||
| CVE-2020-11932 | 1 Canonical | 1 Subiquity | 2024-11-21 | 2.3 Low |
| It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | ||||
| CVE-2020-11646 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-11-21 | 4.3 Medium |
| A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | ||||