Total: 325 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-23689 | 1 Clickhouse | 1 Java Libraries | 2024-01-26 | 8.8 High | Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. |
CVE-2023-49107 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2024-01-23 | 7.5 High | Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows and Linux (Device Manager Agent modules). This issue affects Hitachi Device Manager: before 8.8.5-04. |
CVE-2018-10624 | 1 Johnsoncontrols | 2 Bcpro, Metasys System | 2024-01-23 | N/A | In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information. |
CVE-2023-48393 | 1 Kaifa | 1 Webitr Attendance System | 2024-01-17 | 4.3 Medium | Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from an error message. |
CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-01-07 | 5.5 Medium | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. |
CVE-2023-45701 | 1 Hcltechsw | 1 Hcl Launch | 2024-01-04 | 6.5 Medium | HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
CVE-2023-27319 | 1 Netapp | 1 Ontap Mediator | 2024-01-03 | 5.3 Medium | ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. |
CVE-2021-3620 | 1 Redhat | 9 Ansible Automation Platform Early Access, Ansible Engine, Enterprise Linux and 6 more | 2023-12-28 | 5.5 Medium | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. |
CVE-2023-42013 | 1 Ibm | 1 Urbancode Deploy | 2023-12-27 | 5.3 Medium | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. |
CVE-2023-47703 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | 5.3 Medium | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. |
CVE-2023-6839 | 1 Wso2 | 1 Api Manager | 2023-12-21 | 5.3 Medium | Due to improper error handling, a REST API resource could expose a server-side error containing an internal WSO2-specific package name in the HTTP response. |
CVE-2018-2379 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | N/A | In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint. |
CVE-2023-49878 | 1 Ibm | 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more | 2023-12-19 | 4.3 Medium | IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652. |
CVE-2023-31048 | 1 Opcfoundation | 1 Ua-.netstandard | 2023-12-18 | 5.3 Medium | The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely. |
CVE-2023-49080 | 1 Jupyter | 1 Jupyter Server | 2023-12-14 | 4.3 Medium | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user already has arbitrary execution permissions in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-43021 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | 5.3 Medium | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. |
CVE-2023-47636 | 1 Pimcore | 1 Admin Classic Bundle | 2023-11-22 | 5.3 Medium | The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() query (within a SQL injection) to view the page source, require the attacker to have the full path to the file they wish to view. In the case of Pimcore, the fopen() call here does not handle the error when the file does not exist on the server, so the server response exposes the full path "fopen(/var/www/html/var/tmp/export-{unique id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-46240 | 1 Codeigniter | 1 Codeigniter | 2023-11-08 | 7.5 High | CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. |
CVE-2023-5514 | 1 Hitachienergy | 1 Esoms | 2023-11-08 | 5.3 Medium | The response messages received from eSOMS report generation, using certain parameter queries with a full file path, can be abused to enumerate the local file system structure. |
CVE-2023-40767 | 1 Phpjabbers | 1 Make An Offer Widget | 2023-11-07 | 9.8 Critical | User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine whether a user is valid or not, enabling a brute-force attack against valid users. |
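The IBM, HCL, Jupyter, Pimcore, WSO2 and CodeIgniter entries above are one defect seen from several products: an unhandled exception is rendered straight into the client response, and in CodeIgniter's case the development-only rendering was left on in production. The following is an added example, not code from any of those projects, of the shape of a fix in a Python request dispatcher: full detail is written to the server log under a reference id, and the client receives only that id. The failing handler, the request and response dicts, the path in the exception and the tells in `LEAK_TELLS` are all constructed for illustration.

```python
"""Error responses that do not carry server internals.
Added example; handler, request/response shapes and the leak heuristic are constructed."""
import logging
import traceback
import uuid

log = logging.getLogger("api.errors")


class MemorySink(logging.Handler):
    """Keeps formatted records in a list so the server-side log can be inspected offline."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


log_sink = MemorySink()
log.addHandler(log_sink)
log.setLevel(logging.ERROR)
log.propagate = False


def export_handler(request: dict) -> dict:
    """Constructed handler that fails the way the Pimcore entry describes:
    the exception text carries an absolute server path."""
    path = f"/var/www/html/var/tmp/export-{request['id']}.csv"
    raise FileNotFoundError(f"fopen({path}): failed to open stream")


def dispatch(handler, request: dict, *, debug: bool) -> dict:
    """Run a handler and turn any unhandled exception into a JSON-style response.
    debug=True is the development behaviour; shipping it to production is the
    CodeIgniter defect above and the general CWE-209 pattern on this page."""
    try:
        return {"status": 200, "body": handler(request)}
    except Exception as exc:
        ref = uuid.uuid4().hex
        # Full detail goes to the server log, keyed by a reference the client can quote.
        log.exception("unhandled error ref=%s request=%r", ref, request)
        body = {"message": "internal error", "ref": ref}
        if debug:
            body["detail"] = str(exc)
            body["traceback"] = traceback.format_exc()
        return {"status": 500, "body": body}


# Assumed heuristic: the usual tells of a verbose error reaching a client.
LEAK_TELLS = ("/var/", "/home/", "Traceback", 'File "', "Exception", "Error:")


def leaks_server_detail(response: dict) -> bool:
    """True if the body shows absolute paths, stack frames or exception class names.
    Handy as an assertion in an integration test against the production config."""
    text = str(response["body"])
    return any(tell in text for tell in LEAK_TELLS)


def server_log_has(ref: str, needle: str) -> bool:
    """True if the log line recorded under `ref` contains `needle`
    (for example the path the client never saw)."""
    return any(ref in line and needle in line for line in log_sink.lines)
```

The reference id is what support staff ask the user for; it joins the generic client message to the full traceback in the log without putting either the traceback or the path on the wire.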
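Two of the entries above (PHPJabbers Make an Offer Widget, SAP HANA XS) are enumeration through differing error messages, and the ONTAP Mediator entry is URL enumeration by an unauthenticated caller. The block below is an added example, not code from those products, of the uniform-response fix for both shapes in Python: the recovery endpoint returns the same status and text whether or not the account exists, and the REST dispatcher authenticates before it consults the route table. The user store, route table, status codes and message text are constructed; the 404-before-401 ordering used for the route case is an assumed mechanism, since the ONTAP advisory does not state how the URLs became distinguishable.

```python
"""Uniform answers for account recovery and for unauthenticated route lookups.
Added example; store, routes, messages and status codes are constructed."""
import secrets

USERS = {"alice": "alice@example.com", "bob": "bob@example.com"}   # constructed store
ROUTES = {"/api/v1/status", "/api/v1/clusters"}                      # constructed route table
outbox = []   # (recipient, token) pairs, so mail sending can be checked offline


def reset_password_leaky(username: str) -> dict:
    """Before: a different status and message for unknown users, so the
    endpoint confirms which usernames exist."""
    email = USERS.get(username)
    if email is None:
        return {"status": 404, "message": "No account found for that username."}
    token = secrets.token_urlsafe(32)
    outbox.append((email, token))
    return {"status": 200, "message": f"Reset instructions sent to {email}."}


def reset_password_uniform(username: str) -> dict:
    """After: identical status and text on both paths. The token is generated on
    both paths too, so the work done does not depend on whether the user exists."""
    token = secrets.token_urlsafe(32)
    email = USERS.get(username)
    if email is not None:
        outbox.append((email, token))
    return {"status": 200,
            "message": "If an account exists for that username, reset instructions have been sent."}


def route_leaky(path: str, authenticated: bool) -> int:
    """Before: routing happens before authentication, so an anonymous caller
    gets 404 for unknown paths and 401 for real ones and can map the API."""
    if path not in ROUTES:
        return 404
    if not authenticated:
        return 401
    return 200


def route_uniform(path: str, authenticated: bool) -> int:
    """After: authenticate first; every anonymous request gets the same answer."""
    if not authenticated:
        return 401
    if path not in ROUTES:
        return 404
    return 200


def distinguishable(fn, *inputs) -> bool:
    """True if fn gives different observable results for the given inputs.
    Tuples are spread as positional arguments, anything else is passed as-is."""
    results = [fn(*i) if isinstance(i, tuple) else fn(i) for i in inputs]
    return len({repr(r) for r in results}) > 1
```

In a real deployment the mail send in the recovery path should be queued rather than performed inline, so that delivery time does not reintroduce the difference the message text no longer carries.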
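The ClickHouse entry (certificate password copied into the logged exception message when `sslkey` is set) and the Ansible entry (user credentials in the default traceback) are both secrets reaching an exception's text. The following is an added example, not code from ClickHouse or Ansible, of two layers that prevent that in Python: an exception type whose `str()` only ever contains a redacted copy of the client options, and a `logging.Filter` that scrubs known secret values from the message and the formatted traceback for code you do not control. The option names in `SECRET_KEYS`, the host and the failing `connect` functions are constructed for illustration.

```python
"""Keep credentials out of exception messages and log output.
Added example; option names, host and failing connect functions are constructed."""
import logging
import re

SECRET_KEYS = {"password", "sslkey_password", "token"}   # assumed option names


def redact_options(opts: dict) -> dict:
    """Copy of the client options with secret-bearing values masked."""
    return {k: ("***" if k.lower() in SECRET_KEYS else v) for k, v in opts.items()}


class ClientError(Exception):
    """The full options stay on the object for callers; only the redacted copy
    goes into str(exc), so tracebacks and logs never carry the secret."""
    def __init__(self, message: str, opts: dict):
        self.options = opts
        super().__init__(f"{message} (options={redact_options(opts)})")


def connect_leaky(opts: dict):
    # Before: raw options interpolated into the message, the shape the ClickHouse
    # entry describes (certificate password ends up in the logged exception).
    raise RuntimeError(f"connection to {opts['host']} failed (options={opts})")


def connect_hardened(opts: dict):
    # After: the operator still sees host and non-secret options, never the secret.
    raise ClientError(f"connection to {opts['host']} failed", opts)


class SecretScrubber(logging.Filter):
    """Defence in depth: scrub known secret values from the message and from the
    formatted traceback before any handler formats the record."""
    def __init__(self, secret_values):
        super().__init__()
        values = [v for v in secret_values if v]
        self.pattern = re.compile("|".join(re.escape(v) for v in values)) if values else None

    def filter(self, record: logging.LogRecord) -> bool:
        if self.pattern is None:
            return True
        record.msg = self.pattern.sub("***", record.getMessage())
        record.args = ()
        if record.exc_info:
            text = logging.Formatter().formatException(record.exc_info)
            record.exc_text = self.pattern.sub("***", text)
            record.exc_info = None      # the formatter now uses exc_text as-is
        return True


class MemorySink(logging.Handler):
    """Collects formatted log lines so the output can be checked offline."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def log_connect_failure(connect, opts: dict, scrub: bool) -> str:
    """Run connect(opts), log the failure with a traceback, return the log line."""
    logger = logging.getLogger(f"client.{connect.__name__}.{scrub}")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.ERROR)
    sink = MemorySink()
    logger.addHandler(sink)
    if scrub:
        secret_values = [v for k, v in opts.items() if k.lower() in SECRET_KEYS]
        logger.addFilter(SecretScrubber(secret_values))
    try:
        connect(opts)
    except Exception:
        logger.exception("client operation failed")
    return sink.lines[-1]


# Constructed client options; the password value is fake.
OPTS = {"host": "db.example.internal", "user": "app", "sslkey_password": "hunter2-cert-pass"}
```

Redacting at the exception is the fix that belongs in the client library; the scrubber is the fallback an application adds when a dependency it does not control still formats secrets into its errors.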
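The util-linux entry (CVE-2022-0563) is the same weakness inside a privileged local program: Readline follows the caller-controlled `INPUTRC` variable to a file, and when it cannot parse that file it echoes data from it, so a setuid `chfn`/`chsh` reads root-owned files back to the invoking user. The block below is an added example, not util-linux or GNU Readline code, showing in Python the two habits that remove the pattern: a parse error that cites only the location and failure class instead of quoting the line, and an environment allowlist applied before any library that honours env-selected file paths runs. The inputrc-like grammar, the `SAFE_ENV` allowlist and the stand-in for a root-only file are constructed; the page does not say which of these util-linux 2.37.4 adopted.

```python
"""Parse errors that do not quote the input, and env allowlisting for privileged code.
Added example; the grammar, allowlist and protected-file stand-in are constructed."""
import os
import tempfile

DEFAULT_INPUTRC = "/etc/inputrc"                        # readline's system-wide default
SAFE_ENV = ("PATH", "TERM", "LANG", "HOME", "USER")     # assumed allowlist for a setuid helper


def parse_inputrc(path: str, quote_input: bool) -> dict:
    """Accept `set name value` and `"keyseq": function` lines.
    quote_input=True reproduces the leak: the rejected line goes into the error."""
    bindings = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("set "):
                parts = line.split(None, 2)
                if len(parts) == 3:
                    bindings[parts[1]] = parts[2]
                    continue
            elif line.startswith('"') and '":' in line:
                keyseq, _, func = line.partition('":')
                bindings[keyseq[1:]] = func.strip()
                continue
            # Location and failure class are enough to fix the file; the content is not ours to repeat.
            detail = f": {line}" if quote_input else ""
            raise ValueError(f"{path}:{lineno}: parse error{detail}")
    return bindings


def read_inputrc_message(env: dict, quote_input: bool) -> str:
    """Mimic the library entry point: honour INPUTRC from the environment, fall back
    to the default, and return the text that would reach the invoking user."""
    path = env.get("INPUTRC", DEFAULT_INPUTRC)
    if not os.path.exists(path):
        return "ok (no config)"
    try:
        parse_inputrc(path, quote_input)
        return "ok"
    except ValueError as exc:
        return str(exc)


def scrubbed_environment(env: dict) -> dict:
    """What a setuid program should hand to library code: allowlisted names only,
    so INPUTRC and any other file-selecting variable never reach the library."""
    return {k: v for k, v in env.items() if k in SAFE_ENV}


def write_protected_file() -> str:
    """Constructed stand-in for a root-only file: a shadow-style line with a fake hash."""
    fd, path = tempfile.mkstemp(suffix=".secret")
    with os.fdopen(fd, "w") as fh:
        fh.write("root:$6$fakesalt$fakehash:19000:0:99999:7:::\n")
    return path
```

The allowlist is the stronger of the two controls for a setuid binary, because it also covers variables you did not think of; the quiet error message is what the library itself should do regardless of who calls it.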