Total
280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22162 | 1 Juniper | 1 Junos | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. | |||||
CVE-2021-38981 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. | |||||
CVE-2021-20371 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516. | |||||
CVE-2020-4536 | 1 Ibm | 1 Openpages Grc Platform | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907. | |||||
CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | |||||
CVE-2021-33711 | 1 Siemens | 1 Teamcenter Active Workspace | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths. | |||||
CVE-2021-32712 | 1 Shopware | 1 Shopware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. | |||||
CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
CVE-2021-31341 | 1 Mendix | 1 Database Replication | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1). | |||||
CVE-2021-29040 | 1 Liferay | 2 Dxp, Liferay Portal | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs. | |||||
CVE-2020-19275 | 1 Dhcms Project | 1 Dhcms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. | |||||
CVE-2020-20470 | 1 White Shark Systems Project | 1 White Shark Systems | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. | |||||
CVE-2021-20424 | 1 Ibm | 1 Cloud Pak For Applications | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309. | |||||
CVE-2021-25958 | 1 Apache | 1 Ofbiz | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs. | |||||
CVE-2021-20430 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341. | |||||
CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | |||||
CVE-2021-21421 | 1 Node-etsy-client Project | 1 Node-etsy-client | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later. | |||||
CVE-2021-29682 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997 | |||||
CVE-2021-20393 | 1 Ibm | 1 Qradar User Behavior Analytics | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001. | |||||
CVE-2021-20413 | 1 Ibm | 1 Guardium Data Encryption | 2023-12-10 | 5.0 MEDIUM | 4.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212. |