Total
293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31844 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 5.3 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication. | |||||
| CVE-2024-3454 | 2024-07-24 | N/A | 3.5 LOW | ||
| An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | |||||
| CVE-2022-35640 | 2024-07-17 | N/A | 4.0 MEDIUM | ||
| IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933. | |||||
| CVE-2024-39737 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-07-16 | N/A | 5.3 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004. | |||||
| CVE-2024-35155 | 2024-07-01 | N/A | 6.5 MEDIUM | ||
| IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. | |||||
| CVE-2024-35156 | 2024-07-01 | N/A | 6.5 MEDIUM | ||
| IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. | |||||
| CVE-2024-35119 | 2024-07-01 | N/A | 5.3 MEDIUM | ||
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. | |||||
| CVE-2023-50953 | 2024-07-01 | N/A | 5.4 MEDIUM | ||
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. | |||||
| CVE-2023-35009 | 1 Ibm | 1 Cognos Analytics | 2024-06-21 | N/A | 5.3 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. | |||||
| CVE-2024-37162 | 2024-06-07 | N/A | 4.0 MEDIUM | ||
| zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`. | |||||
| CVE-2024-36106 | 2024-06-07 | N/A | 4.3 MEDIUM | ||
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | |||||
| CVE-2024-36375 | 2024-05-29 | N/A | 5.3 MEDIUM | ||
| In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed | |||||
| CVE-2024-21313 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-05-29 | N/A | 5.3 MEDIUM |
| Windows TCP/IP Information Disclosure Vulnerability | |||||
| CVE-2024-35232 | 2024-05-28 | N/A | 3.7 LOW | ||
| github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2. | |||||
| CVE-2024-2009 | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-9351 | 1 Smartclient | 1 Smartclient | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." | |||||
| CVE-2019-12215 | 1 Matomo | 1 Matomo | 2024-05-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities. | |||||
| CVE-2015-10012 | 1 Sumocoders | 1 Frameworkuserbundle | 2024-05-17 | 2.7 LOW | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-23474 | 2024-05-06 | N/A | 3.7 LOW | ||
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403. | |||||
| CVE-2023-25948 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
| Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||