Total
384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3730 | 1 Dell | 1 Bsafe Micro-edition-suite | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2022-1120 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | |||||
| CVE-2021-32937 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | |||||
| CVE-2021-22885 | 2 Debian, Rubyonrails | 3 Debian Linux, Actionpack Page-caching, Rails | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. | |||||
| CVE-2022-23794 | 1 Joomla | 1 Joomla\! | 2022-04-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. | |||||
| CVE-2021-35251 | 1 Solarwinds | 1 Web Help Desk | 2022-03-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. | |||||
| CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2022-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | |||||
| CVE-2022-0660 | 1 Microweber | 1 Microweber | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2022-02-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | |||||
| CVE-2022-0504 | 1 Microweber | 1 Microweber | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-22162 | 1 Juniper | 1 Junos | 2022-01-26 | 6.9 MEDIUM | 7.8 HIGH |
| A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. | |||||
| CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
| CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2022-01-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2022-01-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2021-4177 | 1 Livehelperchat | 1 Live Helper Chat | 2022-01-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2021-38980 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2021-11-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. | |||||
| CVE-2020-15794 | 1 Siemens | 1 Desigo Insight | 2021-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system. | |||||
| CVE-2021-38981 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2021-11-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. | |||||
| CVE-2019-12156 | 1 Jetbrains | 1 Upsource | 2021-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. | |||||
| CVE-2021-35060 | 1 Openwaygroup | 1 Way4 | 2021-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| /way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. | |||||