38 matches found
CVE-2024-40679
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions...
Security Bulletin: Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2023-46169 Arbitrary file deletion, CVE-2023-46171 view sensitive log information, CVE-2023-46172 Bypass authentication restrictions for authorized user, CVE-2023-46170 Arbitrary file read ,...
CVE-2023-46171
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408...
CVE-2023-46171
CVE-2023-46171 affects IBM DS8900F HMC. An authenticated user could view sensitive log information after enumerating filenames. Affected product scope includes DS8900F HMC firmware/microcode versions in R9.2 and R9.3 lines (e.g., 89.22.19.0; 89.30.68.0; 89.32.40.0; 89.33.48.0; 89.21.x series). Ro...
CVE-2023-27256
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...
Authentication flaw
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...
CVE-2023-27256 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...
CVE-2023-32455
Dell Wyse ThinOS versions prior to 2208 9.3.2102 contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files...
CVE-2020-4528
IBM MQ Appliance IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12 could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658...
CVE-2020-3447
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance ESA and Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...
Cisco DNA Center Information Disclosure Vulnerability
Cisco Digital Network Architecture Center DNA Center is a set of digital network architecture solutions from the U.S. company Cisco Cisco. The program can extend and protect devices, applications, etc. within the network. An information disclosure vulnerability exists in Cisco DNA Center. The...
CVE-2017-6786
A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker...
CVE-2015-5713
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting...
Code injection
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting...
CVE-2015-5713
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting...
Improper access control
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...
NetWin DMail Server Multiple Remote Vulnerabilities
The installation of NetWin DMail on the remote host suffers from an authentication bypass vulnerability in its mailing list server component, DList, and a format string vulnerability in the SMTP server component, DSmtp. An attacker can exploit the first to reveal potentially sensitive log...
Trend Micro Virus Control System 1.8 - Information Disclosure
Trend Micro Virus Control System 1.8 - Information Disclosure source: https://www.securityfocus.com/bid/6618/info An information disclosure vulnerability has been reported for TVCS. Reportedly, it is possible for an attacker to access the log files generated by TVCS. The log files contain very...