Total: 325 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-4327 | 1 Ibm | 1 Security Secret Server | 2020-06-29 | 5.3 Medium | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.
CVE-2020-4341 | 1 Ibm | 1 Security Secret Server | 2020-06-29 | 5.3 Medium | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.
CVE-2019-19342 | 1 Redhat | 1 Ansible Tower | 2020-05-21 | 5.3 Medium | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password, and an HTTP error code 500 and partial password disclosure in plaintext will occur. An attacker could easily guess some predictable passwords or brute force the password.
CVE-2020-5274 | 1 Sensiolabs | 1 Symfony | 2020-04-01 | 5.4 Medium | In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the stacktrace is only displayed in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5.
CVE-2019-12446 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 7.5 High | An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.
CVE-2020-10097 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.3 Medium | An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
CVE-2018-21032 | 4 Hitachi, Linux, Microsoft and 1 more | 6 Automation Director, Compute Systems Manager, Device Manager and 3 more | 2020-02-27 | 4.3 Medium | A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allows authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.
CVE-2019-19993 | 1 Seling | 1 Visual Access Manager | 2020-02-27 | 5.3 Medium | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.
CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | N/A | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
CVE-2014-8161 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-01-31 | 4.3 Medium | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering a constraint violation and then reading the error message.
CVE-2019-4636 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 2.7 Low | IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.
CVE-2020-7231 | 1 Evoko | 1 Home | 2020-01-28 | 5.3 Medium | Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.
CVE-2019-16768 | 1 Sylius | 1 Sylius | 2019-12-17 | 4.3 Medium | In affected versions of Sylius, exception messages from internal exceptions (like database exceptions) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to the UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when they try to log in to the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.
CVE-2013-6879 | 1 Miwisoft | 1 Mijosearch | 2019-12-04 | 5.3 Medium | The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message.
CVE-2019-5483 | 1 Senecajs | 1 Seneca | 2019-10-09 | 5.3 Medium | Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users.
CVE-2018-17891 | 2 Carestream, Microsoft | 2 Carestream Vue Ris, Windows 8.1 | 2019-10-09 | N/A | Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior, running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
CVE-2017-2659 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2019-10-09 | N/A | It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
CVE-2017-2594 | 1 Hawt | 1 Hawtio | 2019-10-09 | N/A | hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
CVE-2016-9459 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2019-10-09 | N/A | Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen delivers the log in JSON format to the end user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user the option to open the data in the browser as an HTML document. Thus, any injected data in the log would be executed.
CVE-2019-4512 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2019-10-09 | 4.3 Medium | IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.