Total
242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-02-04 | 1.9 LOW | 5.5 MEDIUM |
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | |||||
CVE-2022-0660 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2021-3620 | 1 Redhat | 9 Ansible Automation Platform Early Access, Ansible Engine, Enterprise Linux and 6 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2021-39033 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963. | |||||
CVE-2022-29266 | 1 Apache | 1 Apisix | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. | |||||
CVE-2022-31047 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | |||||
CVE-2022-2062 | 1 Xgenecloud | 1 Nocodb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
CVE-2021-1546 | 1 Cisco | 20 Sd-wan Vbond Orchestrator, Sd-wan Vmanage, Vedge 100 and 17 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. | |||||
CVE-2022-0504 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2021-39458 | 1 Redaxo | 1 Redaxo | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables. | |||||
CVE-2021-20508 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. | |||||
CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
CVE-2021-43542 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
CVE-2021-35060 | 1 Openwaygroup | 1 Way4 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. | |||||
CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
CVE-2021-20485 | 1 Ibm | 1 Sterling File Gateway | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. | |||||
CVE-2021-20552 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | |||||
CVE-2021-20377 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. | |||||
CVE-2021-38980 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. |