Search
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4619 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. | |||||
| CVE-2019-4420 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2020-08-24 | 2.1 LOW | 6.2 MEDIUM |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. | |||||
| CVE-2019-4485 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069. | |||||
| CVE-2019-4484 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068. | |||||
| CVE-2019-4377 | 1 Ibm | 1 Sterling B2b Integrator | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. | |||||
| CVE-2019-4308 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. | |||||
| CVE-2019-4257 | 1 Ibm | 3 Infosphere Information Analyzer, Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. | |||||
| CVE-2019-4219 | 1 Ibm | 1 Security Information Queue | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228. | |||||
| CVE-2019-4129 | 1 Ibm | 1 Spectrum Protect Operations Center | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. | |||||
| CVE-2019-13697 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-12215 | 1 Matomo | 1 Matomo | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| ** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities." | |||||
| CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | |||||
| CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| parse-server before 3.6.0 allows account enumeration. | |||||
| CVE-2018-14907 | 1 3cx | 1 3cx Web Server | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. | |||||
| CVE-2020-14337 | 1 Redhat | 1 Ansible Tower | 2020-08-11 | 5.0 MEDIUM | 5.8 MEDIUM |
| A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-15132 | 1 Sulu | 1 Sulu | 2020-08-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the "Forgot Password" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1. | |||||
| CVE-2020-8213 | 1 Ui | 1 Unifi Protect | 2020-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. | |||||
| CVE-2019-11252 | 1 Kubernetes | 1 Kubernetes | 2020-07-28 | 5.0 MEDIUM | 6.5 MEDIUM |
| The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | |||||
| CVE-2020-4327 | 1 Ibm | 1 Security Secret Server | 2020-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | |||||
| CVE-2020-4341 | 1 Ibm | 1 Security Secret Server | 2020-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | |||||
| CVE-2019-19342 | 1 Redhat | 1 Ansible Tower | 2020-05-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password. | |||||
| CVE-2020-5274 | 1 Sensiolabs | 1 Symfony | 2020-04-01 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5 | |||||
| CVE-2020-10097 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities. | |||||
| CVE-2018-21032 | 4 Hitachi, Linux, Microsoft and 1 more | 6 Automation Director, Compute Systems Manager, Device Manager and 3 more | 2020-02-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. | |||||
| CVE-2019-19993 | 1 Seling | 1 Visual Access Manager | 2020-02-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths. | |||||
| CVE-2014-8161 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-01-31 | 4.0 MEDIUM | 4.3 MEDIUM |
| PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | |||||
| CVE-2020-7231 | 1 Evoko | 1 Home | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. | |||||
| CVE-2019-16768 | 1 Sylius | 1 Sylius | 2019-12-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3. | |||||
| CVE-2013-6879 | 1 Miwisoft | 1 Mijosearch | 2019-12-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message. | |||||
| CVE-2019-5483 | 1 Senecajs | 1 Seneca | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. | |||||
| CVE-2019-4441 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. | |||||
| CVE-2019-4512 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2019-15032 | 1 Pydio | 1 Pydio | 2019-09-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. | |||||
| CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2019-09-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | |||||