Total
280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25948 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
| Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2024-21313 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-04-11 | N/A | 5.3 MEDIUM |
| Windows TCP/IP Information Disclosure Vulnerability | |||||
| CVE-2024-2009 | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-9351 | 1 Smartclient | 1 Smartclient | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." | |||||
| CVE-2019-12215 | 1 Matomo | 1 Matomo | 2024-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities. | |||||
| CVE-2015-10012 | 1 Sumocoders | 1 Frameworkuserbundle | 2024-04-11 | 2.7 LOW | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-28939 | 2024-04-10 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-29059 | 2024-04-04 | N/A | 7.5 HIGH | ||
| .NET Framework Information Disclosure Vulnerability | |||||
| CVE-2022-32756 | 1 Ibm | 1 Security Verify Directory | 2024-04-01 | N/A | 2.7 LOW |
| IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. | |||||
| CVE-2024-21733 | 1 Apache | 1 Tomcat | 2024-02-16 | N/A | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | |||||
| CVE-2024-21866 | 1 Rapidscada | 1 Rapid Scada | 2024-02-07 | N/A | 5.3 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | |||||
| CVE-2023-6944 | 2 Linuxfoundation, Redhat | 2 Backstage, Red Hat Developer Hub | 2024-02-04 | N/A | 5.7 MEDIUM |
| A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. | |||||
| CVE-2024-22646 | 1 Seopanel | 1 Seo Panel | 2024-02-03 | N/A | 5.3 MEDIUM |
| An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | |||||
| CVE-2024-21619 | 1 Juniper | 105 Ex2200, Ex2200-c, Ex2200-vc and 102 more | 2024-01-31 | N/A | 7.5 HIGH |
| A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | |||||
| CVE-2024-23689 | 1 Clickhouse | 1 Java Libraries | 2024-01-26 | N/A | 8.8 HIGH |
| Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | |||||
| CVE-2023-49107 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2024-01-23 | N/A | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04. | |||||
| CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-01-07 | 1.9 LOW | 5.5 MEDIUM |
| A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | |||||
| CVE-2023-45701 | 1 Hcltechsw | 1 Hcl Launch | 2024-01-04 | N/A | 6.5 MEDIUM |
| HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2023-27319 | 1 Netapp | 1 Ontap Mediator | 2024-01-03 | N/A | 5.3 MEDIUM |
| ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | |||||
| CVE-2021-3620 | 1 Redhat | 9 Ansible Automation Platform Early Access, Ansible Engine, Enterprise Linux and 6 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | |||||