Vulnerabilities (CVE)

Filtered by CWE-209
Total 277 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-2379 1 Sap 1 Hana Extended Application Services 2023-12-21 4.0 MEDIUM 6.5 MEDIUM
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
CVE-2023-49878 1 Ibm 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more 2023-12-19 N/A 4.3 MEDIUM
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652.
CVE-2023-31048 1 Opcfoundation 1 Ua-.netstandard 2023-12-18 N/A 5.3 MEDIUM
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
CVE-2023-49080 1 Jupyter 1 Jupyter Server 2023-12-14 N/A 4.3 MEDIUM
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-43021 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2023-12-10 N/A 5.3 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.
CVE-2023-40765 1 Phpjabbers 1 Event Booking Calendar 2023-12-10 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-4457 1 Grafana 1 Google Sheets 2023-12-10 N/A 7.5 HIGH
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.
CVE-2023-26272 1 Ibm 1 Guardium Cloud Key Manager 2023-12-10 N/A 5.3 MEDIUM
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
CVE-2023-40767 1 Phpjabbers 1 Make An Offer Widget 2023-12-10 N/A 9.8 CRITICAL
User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40760 1 Phpjabbers 1 Hotel Booking System 2023-12-10 N/A 9.8 CRITICAL
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40762 1 Phpjabbers 1 Fundraising Script 2023-12-10 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-33835 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2023-12-10 N/A 7.5 HIGH
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.
CVE-2023-40761 1 Phpjabbers 1 Yacht Listing Script 2023-12-10 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-41027 1 Juplink 2 Rx4-1500, Rx4-1500 Firmware 2023-12-10 7.7 HIGH 8.8 HIGH
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.
CVE-2022-43891 3 Apple, Ibm, Microsoft 3 Macos, Security Verify Privilege On-premises, Windows 2023-12-10 N/A 5.3 MEDIUM
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454.
CVE-2020-4868 1 Ibm 1 Tririga Application Platform 2023-12-10 N/A 5.3 MEDIUM
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.
CVE-2023-40764 1 Phpjabbers 1 Car Rental Script 2023-12-10 N/A 9.8 CRITICAL
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-0833 2 Redhat, Squareup 2 A-mq Streams, Okhttp 2023-12-10 N/A 5.5 MEDIUM
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CVE-2023-40171 1 Netflix 1 Dispatch 2023-12-10 N/A 7.5 HIGH
Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-46240 1 Codeigniter 1 Codeigniter 2023-12-10 N/A 7.5 HIGH
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.