Vulnerabilities (CVE)

Filtered by CWE-209
Total 430 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47703 3 Ibm, Linux, Microsoft 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more 2024-11-21 N/A 5.3 MEDIUM
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.
CVE-2023-47152 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2024-11-21 N/A 5.9 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
CVE-2023-46240 1 Codeigniter 1 Codeigniter 2024-11-21 N/A 7.5 HIGH
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.
CVE-2023-45701 1 Hcltechsw 1 Hcl Launch 2024-11-21 N/A 4.3 MEDIUM
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-43021 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-11-21 N/A 5.3 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.
CVE-2023-42475 1 Sap 1 S\/4hana 2024-11-21 N/A 4.3 MEDIUM
The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.
CVE-2023-42013 1 Ibm 1 Urbancode Deploy 2024-11-21 N/A 5.3 MEDIUM
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.
CVE-2023-41027 1 Juplink 2 Rx4-1500, Rx4-1500 Firmware 2024-11-21 7.7 HIGH 8.0 HIGH
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.
CVE-2023-40767 1 Phpjabbers 1 Make An Offer Widget 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40766 1 Phpjabbers 1 Ticket Support Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40765 1 Phpjabbers 1 Event Booking Calendar 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40764 1 Phpjabbers 1 Car Rental Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40763 1 Phpjabbers 1 Taxi Booking Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40762 1 Phpjabbers 1 Fundraising Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40761 1 Phpjabbers 1 Yacht Listing Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40760 1 Phpjabbers 1 Hotel Booking System 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40759 1 Phpjabbers 1 Restaurant Booking Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40758 1 Phpjabbers 1 Document Creator 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40757 1 Phpjabbers 1 Food Delivery Script 2024-11-21 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40725 1 Siemens 1 Qms Automotive 2024-11-21 N/A 4.0 MEDIUM
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.