Total
325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4897 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2021-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988. | |||||
| CVE-2020-4544 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2021-01-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189. | |||||
| CVE-2020-4487 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2021-01-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862. | |||||
| CVE-2020-4761 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895. | |||||
| CVE-2020-2505 | 1 Qnap | 1 Qes | 2020-12-28 | 2.1 LOW | 2.3 LOW |
| If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | |||||
| CVE-2020-4842 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2020-12-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046. | |||||
| CVE-2020-4846 | 1 Ibm | 1 Security Key Lifecycle Manager | 2020-12-17 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. | |||||
| CVE-2020-4907 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2020-12-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2020-16128 | 1 Canonical | 1 Ubuntu Linux | 2020-12-11 | 2.1 LOW | 3.8 LOW |
| The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. | |||||
| CVE-2000-1191 | 1 Htdig Project | 1 Htdig | 2020-12-09 | 5.0 MEDIUM | N/A |
| htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | |||||
| CVE-2018-1073 | 2 Ovirt, Redhat | 4 Ovirt-engine, Enterprise Linux, Virtualization and 1 more | 2020-12-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts. | |||||
| CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2020-11-23 | 6.4 MEDIUM | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | |||||
| CVE-2020-16121 | 2 Canonical, Packagekit Project | 2 Ubuntu Linux, Packagekit | 2020-11-18 | 2.1 LOW | 3.3 LOW |
| PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | |||||
| CVE-2020-4483 | 1 Ibm | 1 Urbancode Deploy | 2020-11-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857. | |||||
| CVE-2020-27015 | 1 Trendmicro | 1 Antivirus | 2020-11-05 | 2.1 LOW | 4.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2019-4547 | 1 Ibm | 1 Security Directory Server | 2020-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949. | |||||
| CVE-2019-7612 | 2 Elastic, Netapp | 2 Logstash, Active Iq Performance Analytics Services | 2020-10-05 | 5.0 MEDIUM | 9.8 CRITICAL |
| A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | |||||
| CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2020-10-02 | 2.1 LOW | 3.3 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | |||||
| CVE-2018-19947 | 1 Qnap | 1 Helpdesk | 2020-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||
| CVE-2019-3756 | 1 Rsa | 1 Archer | 2020-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions. | |||||