Show filters
167 Total Results
Displaying 21-30 of 167
Sort by:
Attacker Value
Unknown

CVE-2021-37759

Disclosure Date: July 31, 2021 (last updated February 23, 2025)
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
Attacker Value
Unknown

CVE-2021-37760

Disclosure Date: July 31, 2021 (last updated February 23, 2025)
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
Attacker Value
Unknown

CVE-2021-28131

Disclosure Date: July 22, 2021 (last updated February 23, 2025)
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: I…
Attacker Value
Unknown

CVE-2021-21601

Disclosure Date: July 22, 2021 (last updated February 23, 2025)
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
Attacker Value
Unknown

CVE-2020-21933

Disclosure Date: July 21, 2021 (last updated February 23, 2025)
An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package.
Attacker Value
Unknown

CVE-2021-21598

Disclosure Date: July 21, 2021 (last updated February 23, 2025)
Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.
Attacker Value
Unknown

CVE-2021-21597

Disclosure Date: July 21, 2021 (last updated February 23, 2025)
Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.
Attacker Value
Unknown

CVE-2020-23284

Disclosure Date: July 20, 2021 (last updated February 23, 2025)
Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.
Attacker Value
Unknown

CVE-2021-32767

Disclosure Date: July 20, 2021 (last updated February 23, 2025)
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
Attacker Value
Unknown

CVE-2021-34689

Disclosure Date: July 15, 2021 (last updated February 23, 2025)
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.