Total
335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6839 | 1 Wso2 | 1 Api Manager | 2023-12-21 | N/A | 5.3 MEDIUM |
| Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | |||||
| CVE-2018-2379 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint. | |||||
| CVE-2023-49878 | 1 Ibm | 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more | 2023-12-19 | N/A | 4.3 MEDIUM |
| IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652. | |||||
| CVE-2023-31048 | 1 Opcfoundation | 1 Ua-.netstandard | 2023-12-18 | N/A | 5.3 MEDIUM |
| The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. | |||||
| CVE-2023-49080 | 1 Jupyter | 1 Jupyter Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-43021 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. | |||||
| CVE-2023-47636 | 1 Pimcore | 1 Admin Classic Bundle | 2023-11-22 | N/A | 5.3 MEDIUM |
| The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-46240 | 1 Codeigniter | 1 Codeigniter | 2023-11-08 | N/A | 7.5 HIGH |
| CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | |||||
| CVE-2023-5514 | 1 Hitachienergy | 1 Esoms | 2023-11-08 | N/A | 5.3 MEDIUM |
| The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. | |||||
| CVE-2023-40767 | 1 Phpjabbers | 1 Make An Offer Widget | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40766 | 1 Phpjabbers | 1 Ticket Support Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40765 | 1 Phpjabbers | 1 Event Booking Calendar | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40764 | 1 Phpjabbers | 1 Car Rental Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40763 | 1 Phpjabbers | 1 Taxi Booking Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40762 | 1 Phpjabbers | 1 Fundraising Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40761 | 1 Phpjabbers | 1 Yacht Listing Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40760 | 1 Phpjabbers | 1 Hotel Booking System | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40758 | 1 Phpjabbers | 1 Document Creator | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40757 | 1 Phpjabbers | 1 Food Delivery Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||