Total
335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | |||||
| CVE-2023-27587 | 1 Readtomyshoe Project | 1 Readtomyshoe | 2023-03-17 | N/A | 6.5 MEDIUM |
| ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds. | |||||
| CVE-2023-26052 | 1 Saleor | 1 Saleor | 2023-03-13 | N/A | 5.3 MEDIUM |
| Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12. | |||||
| CVE-2023-0655 | 1 Sonicwall | 1 Email Security | 2023-02-22 | N/A | 5.3 MEDIUM |
| SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | |||||
| CVE-2018-14623 | 1 Theforeman | 1 Katello | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable. | |||||
| CVE-2017-7551 | 1 Fedoraproject | 1 389 Directory Server | 2023-02-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | |||||
| CVE-2019-4257 | 1 Ibm | 3 Infosphere Information Analyzer, Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2023-02-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. | |||||
| CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
| CVE-2019-4219 | 1 Ibm | 1 Security Information Queue | 2023-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228. | |||||
| CVE-2019-4308 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2023-01-31 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034. | |||||
| CVE-2019-4420 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2023-01-31 | 2.1 LOW | 6.2 MEDIUM |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. | |||||
| CVE-2019-4377 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2023-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. | |||||
| CVE-2022-46371 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2023-01-23 | N/A | 5.3 MEDIUM |
| Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name. | |||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2023-01-11 | N/A | 7.5 HIGH |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | |||||
| CVE-2022-22760 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 6.5 MEDIUM |
| When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2019-4129 | 1 Ibm | 1 Spectrum Protect Operations Center | 2022-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. | |||||
| CVE-2021-43542 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2019-4441 | 1 Ibm | 1 Websphere Application Server | 2022-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. | |||||
| CVE-2019-4485 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2022-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069. | |||||
| CVE-2019-4484 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2022-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068. | |||||