Total
242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14433 | 4 Canonical, Debian, Openstack and 1 more | 4 Ubuntu Linux, Debian Linux, Nova and 1 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | |||||
CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | |||||
CVE-2019-4485 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069. | |||||
CVE-2019-4377 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. | |||||
CVE-2019-6792 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. | |||||
CVE-2018-12886 | 1 Gnu | 1 Gcc | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. | |||||
CVE-2019-4219 | 1 Ibm | 1 Security Information Queue | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228. | |||||
CVE-2019-4420 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-04 | 2.1 LOW | 6.2 MEDIUM |
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738. | |||||
CVE-2019-4484 | 1 Ibm | 3 Emptoris Contract Management, Emptoris Sourcing, Emptoris Spend Analysis | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068. | |||||
CVE-2023-6944 | 2 Linuxfoundation, Redhat | 2 Backstage, Red Hat Developer Hub | 2024-02-04 | N/A | 5.7 MEDIUM |
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. | |||||
CVE-2018-14925 | 1 Matera | 1 Banco | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. | |||||
CVE-2018-8042 | 1 Apache | 1 Ambari | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie. | |||||
CVE-2018-14907 | 1 3cx | 1 3cx Web Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. | |||||
CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | |||||
CVE-2019-7550 | 1 Jforum | 1 Jforum | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued. | |||||
CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.6 HIGH |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |||||
CVE-2018-2379 | 1 Sap | 1 Hana Extended Application Services | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint. | |||||
CVE-2018-11325 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | |||||
CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. |