CVE-2020-0658

An information disclosure vulnerability exists in the Windows Common Log File System CLFS driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'...

CVE-2020-0639

An information disclosure vulnerability exists in the Windows Common Log File System CLFS driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615...

CVE-2020-14518

Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker...

CVE-2020-0657

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'...

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file...

CVE-2020-9451

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...

CVE-2020-26106

cPanel before 88.0.3 has weak permissions world readable for the proxy subdomains log file SEC-558...

CVE-2012-2630

The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application...

CVE-2013-4272

The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and...

CVE-2019-17511

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via logget.php, which could be used to discover the intranet network structure...

CVE-2019-17512

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear=sysact to logclear.php, which could be used to erase attack traces...

CVE-2019-8463

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...

CVE-2019-6656

BIG-IP APM Edge Client before version 7.1.8 7180.2019.508.705 logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM...

CVE-2019-1214

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'...

CVE-2019-1010308

Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file...

CVE-2017-18912

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

CVE-2010-2326

IBM WebSphere Application Server WAS 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file...

CVE-2019-13988

Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...

CVE-2019-1282

An information disclosure exists in the Windows Common Log File System CLFS driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'...