Total
335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4636 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013. | |||||
| CVE-2020-7231 | 1 Evoko | 1 Home | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. | |||||
| CVE-2019-16768 | 1 Sylius | 1 Sylius | 2019-12-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3. | |||||
| CVE-2013-6879 | 1 Miwisoft | 1 Mijosearch | 2019-12-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message. | |||||
| CVE-2019-5483 | 1 Senecajs | 1 Seneca | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. | |||||
| CVE-2018-17891 | 2 Carestream, Microsoft | 2 Carestream Vue Ris, Windows 8.1 | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack. | |||||
| CVE-2017-2659 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. | |||||
| CVE-2017-2594 | 1 Hawt | 1 Hawtio | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. | |||||
| CVE-2016-9459 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed. | |||||
| CVE-2019-4512 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. | |||||
| CVE-2018-8042 | 1 Apache | 1 Ambari | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie. | |||||
| CVE-2018-14925 | 1 Matera | 1 Banco | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2018-11325 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | |||||
| CVE-2019-15032 | 1 Pydio | 1 Pydio | 2019-09-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. | |||||