Total: 280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7644 | 1 Auth0 | 1 Auth0-wcf-service-jwt | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application. | |||||
CVE-2019-15032 | 1 Pydio | 1 Pydio | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. | |||||
CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Class and method names are exposed in error messages in Micro Focus Service Manager versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, and 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | |||||
CVE-2019-4308 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 161034. | |||||
CVE-2019-4219 | 1 Ibm | 1 Security Information Queue | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228. | |||||
CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
parse-server before 3.6.0 allows account enumeration. | |||||
CVE-2018-14925 | 1 Matera | 1 Banco | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. | |||||
CVE-2018-8042 | 1 Apache | 1 Ambari | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
In Apache Ambari versions 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services (for example, Hive and Oozie). | |||||
CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.6 HIGH |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |||||
CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability was discovered in the glusterfs server. An attacker could issue an xattr request via glusterfs FUSE to determine the existence of any file. | |||||
CVE-2019-7550 | 1 Jforum | 1 Jforum | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued. | |||||
CVE-2018-14907 | 1 3cx | 1 3cx Web Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The web server in 3CX version 15.5.8801.3 is vulnerable to information leakage because of improper error handling in stack traces, as demonstrated by discovering a full pathname. | |||||
CVE-2018-14623 | 1 Theforeman | 1 Katello | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Versions 3.10 and older are vulnerable. | |||||
CVE-2018-11325 | 1 Joomla | 1 Joomla! | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | |||||
CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
CVE-2017-7551 | 1 Fedoraproject | 1 389 Directory Server | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout because different return codes are returned on password attempts. | |||||
CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | |||||
CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2023-12-10 | 6.4 MEDIUM | N/A |
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | |||||
CVE-2000-1191 | 1 Htdig Project | 1 Htdig | 2023-12-10 | 5.0 MEDIUM | N/A |
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. |
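The signature-leak pattern in CVE-2019-7644 above, shown as an added example that is not Auth0's code: a toy HS256 verifier whose error message echoes the signature the server computed, the fixed verifier that does not, and the forgery the leak makes possible. The key, claim set and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side HMAC key. The attacker never learns it directly;
# the leak hands over its *output* for any message the attacker chooses.
SECRET = b"server-only-hmac-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _signing_input(claims: dict) -> tuple[str, str]:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return header, payload


def sign_jwt(claims: dict, key: bytes = SECRET) -> str:
    """Mint a legitimate HS256 token: header.payload.signature."""
    header, payload = _signing_input(claims)
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


class JwtError(Exception):
    pass


def verify_leaky(token: str) -> dict:
    """Vulnerable verifier: on mismatch the error carries the expected
    signature, which is exactly the value a forger is missing."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise JwtError(f"invalid signature; expected {_b64url(expected)}")
    return json.loads(_b64url_decode(payload))


def verify_fixed(token: str) -> dict:
    """Fixed verifier: same check, but the error says nothing about the
    value that was expected."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise JwtError("invalid signature")
    return json.loads(_b64url_decode(payload))


def forge_via_leak(claims: dict, verify) -> str:
    """Attacker side: submit the desired claims with a junk signature, read
    the expected signature out of the error, and resubmit it."""
    header, payload = _signing_input(claims)
    probe = f"{header}.{payload}.{_b64url(b'junk')}"
    try:
        verify(probe)
    except JwtError as e:
        msg = str(e)
        if "expected " not in msg:
            raise  # no leak: the forgery attempt fails here
        leaked = msg.split("expected ", 1)[1]
        return f"{header}.{payload}.{leaked}"
    raise RuntimeError("probe with a junk signature was accepted")
```

The forged token is a genuine signature over attacker-chosen claims, so it also passes the fixed verifier; the fix only stops the attacker from obtaining it. The general rule the entry illustrates: a verification failure must never include the reference value it compared against.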
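The username-enumeration rows above (CVE-2019-7550, CVE-2017-7945, CVE-2019-1020013, and the return-code variant in CVE-2017-7551) share one root cause: the failure response depends on whether the account exists. This added example, not code from any of those products, puts a login routine with that flaw beside a hardened one and shows the enumeration loop an attacker runs against each. The user table, passwords and messages are constructed.

```python
import hashlib
import hmac
import os
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user store: username -> (salt, password hash)
_SALT = os.urandom(16)
USERS = {
    "alice": (_SALT, _hash("correct horse", _SALT)),
    "bob": (_SALT, _hash("battery staple", _SALT)),
}
# A throwaway credential hashed once at startup, so that a request for an
# unknown user does the same amount of work as one for a known user.
_DUMMY = (_SALT, _hash(secrets.token_hex(16), _SALT))


def login_leaky(username: str, password: str) -> str:
    """Vulnerable: the message (and the early return) reveals whether
    the username exists."""
    if username not in USERS:
        return "unknown user"
    salt, stored = USERS[username]
    if hmac.compare_digest(stored, _hash(password, salt)):
        return "ok"
    return "wrong password"


def login_fixed(username: str, password: str) -> str:
    """Hardened: one message for every failure, and the password is hashed
    even for unknown users so timing does not distinguish them either."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(stored, _hash(password, salt))
    # The second condition only guards against a guess colliding with _DUMMY.
    if ok and username in USERS:
        return "ok"
    return "invalid username or password"


def enumerate_users(candidates, login) -> list:
    """Attacker: learn the 'unknown user' baseline from a name that cannot
    exist, then keep every candidate whose failure message differs."""
    baseline = login("no-such-user-" + secrets.token_hex(4), "x")
    return [u for u in candidates if login(u, "x") != baseline]
```

The same comparison works on any observable the server varies by account state: HTTP status, response length, a return code, or, as in the 389-ds-base entry, whether the lockout path returns a different code than the wrong-password path.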