Total
420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | |||||
| CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | |||||
| CVE-2019-11252 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | |||||
| CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| parse-server before 3.6.0 allows account enumeration. | |||||
| CVE-2019-0404 | 1 Sap | 1 Enable Now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | |||||
| CVE-2018-8042 | 1 Apache | 1 Ambari | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie. | |||||
| CVE-2018-2379 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint. | |||||
| CVE-2018-21032 | 4 Hitachi, Linux, Microsoft and 1 more | 6 Automation Director, Compute Systems Manager, Device Manager and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. | |||||
| CVE-2018-19947 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||
| CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |||||
| CVE-2018-14925 | 1 Matera | 1 Banco | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. | |||||
| CVE-2018-14907 | 1 3cx | 1 3cx Web Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. | |||||
| CVE-2018-14623 | 1 Theforeman | 1 Katello | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable. | |||||
| CVE-2018-12886 | 1 Gnu | 1 Gcc | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | |||||
| CVE-2018-11325 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | |||||
| CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | |||||
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | |||||
| CVE-2015-10012 | 1 Sumocoders | 1 Frameworkuserbundle | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2014-8161 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | |||||
| CVE-2013-6879 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message. | |||||