Vulnerabilities (CVE)

Filtered by CWE-209
Total 163 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26070 1 Splunk 1 Splunk 2022-05-17 4.0 MEDIUM 4.3 MEDIUM
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
CVE-2021-39023 1 Ibm 1 Guardium Data Encryption 2022-05-16 5.0 MEDIUM 7.5 HIGH
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.
CVE-2021-43206 1 Fortinet 2 Fortios, Fortiproxy 2022-05-13 4.3 MEDIUM 4.3 MEDIUM
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
CVE-2021-20289 4 Netapp, Oracle, Quarkus and 1 more 4 Oncommand Insight, Communications Cloud Native Core Console, Quarkus and 1 more 2022-05-10 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-22145 2 Elastic, Oracle 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite 2022-05-10 4.0 MEDIUM 6.5 MEDIUM
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
CVE-2022-29266 1 Apache 1 Apisix 2022-04-29 5.0 MEDIUM 7.5 HIGH
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
CVE-2021-39033 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2022-04-27 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963.
CVE-2019-4729 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-04-26 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.
CVE-2019-9455 2 Google, Opensuse 2 Android, Leap 2022-04-22 2.1 LOW 2.3 LOW
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-10913 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-22 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVE-2020-6438 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
CVE-2019-14433 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Nova, Openstack 2022-04-18 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
CVE-2019-3730 1 Dell 1 Bsafe Micro-edition-suite 2022-04-12 5.0 MEDIUM 7.5 HIGH
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2022-1120 1 Gitlab 1 Gitlab 2022-04-11 4.0 MEDIUM 6.5 MEDIUM
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.
CVE-2021-32937 1 Auvesy-mdt 2 Autosave, Autosave For System Platform 2022-04-09 5.0 MEDIUM 7.5 HIGH
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.
CVE-2021-22885 2 Debian, Rubyonrails 3 Debian Linux, Actionpack Page-caching, Rails 2022-04-06 5.0 MEDIUM 7.5 HIGH
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
CVE-2022-23794 1 Joomla 1 Joomla\! 2022-04-05 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVE-2022-24730 1 Linuxfoundation 1 Argo-cd 2022-04-01 4.0 MEDIUM 6.5 MEDIUM
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications' source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds.
CVE-2022-24731 1 Linuxfoundation 1 Argo-cd 2022-04-01 4.0 MEDIUM 4.9 MEDIUM
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications.
CVE-2022-0563 1 Kernel 1 Util-linux 2022-03-31 1.9 LOW 5.5 MEDIUM
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.