Total
516 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21032 | 4 Hitachi, Linux, Microsoft and 1 more | 6 Automation Director, Compute Systems Manager, Device Manager and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.
|
|||||
| CVE-2018-1073 | 2 Ovirt, Redhat | 4 Ovirt-engine, Enterprise Linux, Virtualization and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
|
|||||
| CVE-2018-19947 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
|
|||||
| CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
|
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
|
|||||
| CVE-2018-17891 | 2 Carestream, Microsoft | 2 Carestream Vue Ris, Windows 8.1 | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
|
|||||
| CVE-2018-14925 | 1 Matera | 1 Banco | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
|
|||||
| CVE-2018-14907 | 1 3cx | 1 3cx Web Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
|
|||||
| CVE-2018-14623 | 1 Theforeman | 1 Katello | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
|
|||||
| CVE-2018-12886 | 1 Gnu | 1 Gcc | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
|
|||||
| CVE-2018-12536 | 2 Eclipse, Oracle | 2 Jetty, Retail Xstore Point Of Service | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the ...
Show More |
|||||
| CVE-2018-11325 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
|
|||||
| CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
|
|||||
| CVE-2018-10624 | 1 Johnsoncontrols | 2 Bcpro, Metasys System | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
|
|||||
| CVE-2017-2659 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
|
|||||
| CVE-2017-2594 | 1 Hawt | 1 Hawtio | 2024-11-21 | 5.0 MEDIUM | 5.4 MEDIUM |
|
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
|
|||||
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."
|
|||||
| CVE-2015-10012 | 1 Sumocoders | 1 Frameworkuserbundle | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The id ...
Show More |
|||||
| CVE-2014-8161 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
|
|||||
| CVE-2013-6879 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message.
|
|||||
| CVE-2024-48896 | 1 Moodle | 1 Moodle | 2024-11-20 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.
|
|||||
| CVE-2021-3986 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | N/A | 4.3 MEDIUM |
|
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.
|
|||||
| CVE-2023-40457 | 2024-11-12 | N/A | N/A | ||
|
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend ...
Show More |
|||||
| CVE-2024-52043 | 1 Humhub | 1 Humhub | 2024-11-08 | N/A | 5.3 MEDIUM |
|
Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2.
|
|||||
| CVE-2024-51560 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | N/A | 4.3 MEDIUM |
|
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.
|
|||||
| CVE-2024-7038 | 1 Openwebui | 1 Open Webui | 2024-11-03 | N/A | 2.7 LOW |
|
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.
|
|||||
| CVE-2024-50512 | 2024-11-01 | N/A | 5.3 MEDIUM | ||
|
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through 3.10.2.
|
|||||
| CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | N/A | 5.3 MEDIUM |
|
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.
|
|||||
| CVE-2024-6551 | 1 Givewp | 1 Givewp | 2024-10-04 | N/A | 5.3 MEDIUM |
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for ...
Show More |
|||||
| CVE-2024-6544 | 1 Coffee2code | 1 Custom Post Limits | 2024-09-30 | N/A | 5.3 MEDIUM |
|
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
|
|||||
| CVE-2024-7415 | 1 Coffee2code | 1 Remember Me Controls | 2024-09-30 | N/A | 5.3 MEDIUM |
|
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affect ...
Show More |
|||||
| CVE-2024-7426 | 1 Peepso | 1 Peepso | 2024-09-30 | N/A | 5.3 MEDIUM |
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vuln ...
Show More |
|||||
| CVE-2023-47728 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | N/A | 6.5 MEDIUM |
|
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201.
|
|||||
| CVE-2024-8571 | 1 Erjemin | 1 Roll Cms | 2024-09-11 | 2.7 LOW | 5.3 MEDIUM |
|
A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
|
|||||
| CVE-2024-39751 | 1 Ibm | 1 Infosphere Information Server | 2024-08-29 | N/A | 4.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429
|
|||||
| CVE-2024-43376 | 1 Umbraco | 1 Umbraco Cms | 2024-08-26 | N/A | 5.3 MEDIUM |
|
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
|
|||||
| CVE-2024-41674 | 1 Okfn | 1 Ckan | 2024-08-23 | N/A | 5.3 MEDIUM |
|
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
|
|||||