Total
241 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25948 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2024-21313 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-04-11 | N/A | 5.3 MEDIUM |
Windows TCP/IP Information Disclosure Vulnerability | |||||
CVE-2024-2009 | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2019-12215 | 1 Matomo | 1 Matomo | 2024-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities." | |||||
CVE-2015-10012 | 1 Sumocoders | 1 Frameworkuserbundle | 2024-04-11 | 2.7 LOW | 7.5 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-28939 | 2024-04-10 | N/A | 8.8 HIGH | ||
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
CVE-2024-29059 | 2024-04-04 | N/A | 7.5 HIGH | ||
.NET Framework Information Disclosure Vulnerability | |||||
CVE-2022-32756 | 1 Ibm | 1 Security Verify Directory | 2024-04-01 | N/A | 2.7 LOW |
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. | |||||
CVE-2024-21733 | 1 Apache | 1 Tomcat | 2024-02-16 | N/A | 5.3 MEDIUM |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | |||||
CVE-2024-21866 | 1 Rapidscada | 1 Rapid Scada | 2024-02-07 | N/A | 5.3 MEDIUM |
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | |||||
CVE-2023-40171 | 2024-02-05 | N/A | 7.5 HIGH | ||
Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-45701 | 1 Hcltechsw | 1 Hcl Launch | 2024-02-05 | N/A | 6.5 MEDIUM |
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
CVE-2023-47703 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-05 | N/A | 5.3 MEDIUM |
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | |||||
CVE-2023-49878 | 1 Ibm | 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more | 2024-02-05 | N/A | 4.3 MEDIUM |
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652. | |||||
CVE-2024-23689 | 1 Clickhouse | 1 Java Libraries | 2024-02-05 | N/A | 8.8 HIGH |
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | |||||
CVE-2023-6839 | 1 Wso2 | 1 Api Manager | 2024-02-05 | N/A | 5.3 MEDIUM |
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | |||||
CVE-2024-21619 | 1 Juniper | 105 Ex2200, Ex2200-c, Ex2200-vc and 102 more | 2024-02-05 | N/A | 7.5 HIGH |
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | |||||
CVE-2023-42013 | 1 Ibm | 1 Urbancode Deploy | 2024-02-05 | N/A | 5.3 MEDIUM |
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. | |||||
CVE-2023-27319 | 1 Netapp | 1 Ontap Mediator | 2024-02-05 | N/A | 5.3 MEDIUM |
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | |||||
CVE-2023-31048 | 1 Opcfoundation | 1 Ua-.netstandard | 2024-02-05 | N/A | 5.3 MEDIUM |
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. |