Total
420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23794 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. | |||||
| CVE-2022-22449 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915. | |||||
| CVE-2022-22162 | 1 Juniper | 1 Junos | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. | |||||
| CVE-2022-1120 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.8 MEDIUM |
| Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | |||||
| CVE-2022-0660 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | |||||
| CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | |||||
| CVE-2022-0504 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2021-4177 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | |||||
| CVE-2021-43542 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | |||||
| CVE-2021-42777 | 1 Stimulsoft | 1 Reports | 2024-11-21 | N/A | 9.8 CRITICAL |
| Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. | |||||
| CVE-2021-40338 | 1 Hitachi | 1 Linkone | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | |||||
| CVE-2021-40126 | 1 Cisco | 1 Umbrella | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system. | |||||
| CVE-2021-3620 | 1 Redhat | 9 Ansible Automation Platform Early Access, Ansible Engine, Enterprise Linux and 6 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-3513 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-3393 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Software Collections | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. | |||||