How severe is CVE-2017-0380?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2017-0380?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2017-0380 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.

Related Vulnerabilities

CVE-2017-6139

MEDIUM

CVSS:5.9(Medium)

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers ru...

CWE-5322017

CVE-2018-10855

MEDIUM

CVSS:5.9(Medium)

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged,...

CWE-5322018

CVE-2018-15004

MEDIUM

CVSS:5.9(Medium)

The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (vers...

CWE-5322018

CVE-2018-16095

MEDIUM

CVSS:5.9(Medium)

In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.

CWE-5322018

CVE-2019-10194

MEDIUM

CVSS:5.9(Medium)

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with...

CWE-5322019

CVE-2019-6158

MEDIUM

CVSS:5.9(Medium)

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentia...

CWE-5322019