Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-209
Total 235 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-16128 1 Canonical 1 Ubuntu Linux 2020-12-11 2.1 LOW 3.8 LOW
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
CVE-2000-1191 1 Htdig Project 1 Htdig 2020-12-09 5.0 MEDIUM N/A
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
CVE-2010-3332 1 Microsoft 2 .net Framework, Internet Information Services 2020-11-23 6.4 MEDIUM N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
CVE-2020-16121 2 Canonical, Packagekit Project 2 Ubuntu Linux, Packagekit 2020-11-18 2.1 LOW 3.3 LOW
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
CVE-2020-4483 1 Ibm 1 Urbancode Deploy 2020-11-12 4.0 MEDIUM 4.3 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.
CVE-2020-27015 1 Trendmicro 1 Antivirus 2020-11-05 2.1 LOW 4.4 MEDIUM
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
CVE-2019-4547 1 Ibm 1 Security Directory Server 2020-10-30 5.0 MEDIUM 5.3 MEDIUM
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
CVE-2020-4629 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2020-10-01 2.1 LOW 3.3 LOW
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
CVE-2018-19947 1 Qnap 1 Helpdesk 2020-09-16 4.0 MEDIUM 6.5 MEDIUM
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
CVE-2020-4166 1 Ibm 1 Security Guardium Insights 2020-08-28 5.0 MEDIUM 5.3 MEDIUM
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.
CVE-2019-4699 1 Ibm 2 Guardium Data Encryption, Guardium For Cloud Key Management 2020-08-27 4.0 MEDIUM 2.7 LOW
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.
CVE-2018-14907 1 3cx 1 3cx Web Server 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
CVE-2019-7644 1 Auth0 1 Auth0-wcf-service-jwt 2020-08-24 7.5 HIGH 9.8 CRITICAL
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.
CVE-2019-7550 1 Jforum 1 Jforum 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued.
CVE-2019-6792 1 Gitlab 1 Gitlab 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.
CVE-2019-6122 1 Nicehash 1 Miner 2020-08-24 4.3 MEDIUM 3.1 LOW
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address.
CVE-2019-4601 1 Ibm 1 Rational Quality Manager 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system.
CVE-2019-4593 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.
CVE-2019-4583 1 Ibm 1 Maximo Asset Management 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
CVE-2019-4570 1 Ibm 1 Tivoli Netcool\/impact 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.