Total
325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35947 | 1 Owncloud | 1 Owncloud | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | |||||
| CVE-2021-25958 | 1 Apache | 1 Ofbiz | 2021-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs. | |||||
| CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2021-08-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | |||||
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | |||||
| CVE-2021-20430 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341. | |||||
| CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
| CVE-2021-29767 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681. | |||||
| CVE-2021-29784 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168. | |||||
| CVE-2021-32775 | 1 Combodo | 1 Itop | 2021-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0. | |||||
| CVE-2020-11883 | 1 Divante | 2 Storefront-api, Vue-storefront-api | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names. | |||||
| CVE-2020-13997 | 1 Shopware | 1 Shopware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | |||||
| CVE-2020-24925 | 1 Elkarbackup | 1 Elkarbackup | 2021-07-21 | 3.5 LOW | 7.5 HIGH |
| A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | |||||
| CVE-2020-6503 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-12864 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | |||||
| CVE-2020-6189 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. | |||||
| CVE-2020-4085 | 1 Hcltech | 1 Connections | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." | |||||
| CVE-2020-4239 | 1 Ibm | 1 Tivoli Netcool\/impact | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412. | |||||
| CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
| CVE-2019-7941 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-18865 | 1 Blaauwproducts | 1 Remote Kiln Control | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | |||||