Total: 325 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4166 | 1 Ibm | 1 Security Guardium Insights | 2020-08-28 | 5.3 Medium |
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. | ||||
CVE-2019-4699 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 2.7 Low |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. | ||||
CVE-2019-7550 | 1 Jforum | 1 Jforum | 2020-08-24 | N/A |
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued. | ||||
CVE-2019-7644 | 1 Auth0 | 1 Auth0-wcf-service-jwt | 2020-08-24 | N/A |
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application. | ||||
CVE-2019-6792 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. | ||||
CVE-2019-6122 | 1 Nicehash | 1 Miner | 2020-08-24 | 3.1 Low |
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. | ||||
CVE-2019-4619 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2020-08-24 | 5.5 Medium |
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. | ||||
CVE-2019-4601 | 1 Ibm | 1 Rational Quality Manager | 2020-08-24 | 4.3 Medium |
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system. | ||||
CVE-2019-4593 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2020-08-24 | 4.3 Medium |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 167743. | ||||
CVE-2019-4583 | 1 Ibm | 1 Maximo Asset Management | 2020-08-24 | 4.3 Medium |
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. | ||||
CVE-2019-4570 | 1 Ibm | 1 Tivoli Netcool/impact | 2020-08-24 | 5.3 Medium |
IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720. | ||||
CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2020-08-24 | N/A |
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | ||||
CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2020-08-24 | N/A |
parse-server before 3.6.0 allows account enumeration. | ||||
CVE-2019-0404 | 1 Sap | 1 Enable Now | 2020-08-24 | 7.5 High |
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | ||||
CVE-2018-14907 | 1 3cx | 1 3cx Web Server | 2020-08-24 | N/A |
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. | ||||
CVE-2018-12886 | 1 Gnu | 1 Gcc | 2020-08-24 | N/A |
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | ||||
CVE-2020-14337 | 1 Redhat | 1 Ansible Tower | 2020-08-11 | 5.8 Medium |
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality. | ||||
CVE-2020-15132 | 1 Sulu | 1 Sulu | 2020-08-07 | 5.3 Medium |
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with an error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the "Forgot Password" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1. | ||||
CVE-2020-8213 | 1 Ui | 1 Unifi Protect | 2020-08-05 | 5.3 Medium |
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. | ||||
CVE-2019-11252 | 1 Kubernetes | 1 Kubernetes | 2020-07-28 | 6.5 Medium |
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. |