Total
280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31047 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | |||||
CVE-2021-32937 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | |||||
CVE-2021-20377 | 1 Ibm | 1 Security Guardium | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. | |||||
CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | |||||
CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
CVE-2020-4941 | 1 Ibm | 1 Edge Application Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | |||||
CVE-2021-39458 | 1 Redaxo | 1 Redaxo | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables. | |||||
CVE-2021-20485 | 1 Ibm | 1 Sterling File Gateway | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. | |||||
CVE-2021-1546 | 1 Cisco | 21 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 18 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. | |||||
CVE-2022-0504 | 1 Microweber | 1 Microweber | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2021-40338 | 1 Hitachi | 1 Linkone | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | |||||
CVE-2021-43542 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
CVE-2021-40126 | 1 Cisco | 1 Umbrella | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system. | |||||
CVE-2021-4177 | 1 Livehelperchat | 1 Live Helper Chat | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
CVE-2021-38980 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. | |||||
CVE-2021-20552 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | |||||
CVE-2021-35060 | 1 Openwaygroup | 1 Way4 | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. | |||||
CVE-2021-20508 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. |