Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-209
Total 235 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26973 1 Barco 1 Control Room Management Suite 2022-06-09 5.0 MEDIUM 5.3 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
CVE-2022-0563 2 Kernel, Netapp 2 Util-linux, Ontap Select Deploy Administration Utility 2022-06-03 1.9 LOW 5.5 MEDIUM
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
CVE-2021-23973 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-27 4.3 MEDIUM 6.5 MEDIUM
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23968 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-27 4.3 MEDIUM 4.3 MEDIUM
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2022-26070 1 Splunk 1 Splunk 2022-05-17 4.0 MEDIUM 4.3 MEDIUM
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
CVE-2021-39023 1 Ibm 1 Guardium Data Encryption 2022-05-16 5.0 MEDIUM 7.5 HIGH
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.
CVE-2021-43206 1 Fortinet 2 Fortios, Fortiproxy 2022-05-12 4.3 MEDIUM 4.3 MEDIUM
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
CVE-2021-20289 4 Netapp, Oracle, Quarkus and 1 more 4 Oncommand Insight, Communications Cloud Native Core Console, Quarkus and 1 more 2022-05-10 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-22145 2 Elastic, Oracle 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite 2022-05-10 4.0 MEDIUM 6.5 MEDIUM
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
CVE-2022-29266 1 Apache 1 Apisix 2022-04-29 5.0 MEDIUM 7.5 HIGH
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
CVE-2021-39033 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2022-04-27 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963.
CVE-2019-4729 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-04-26 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.
CVE-2019-9455 2 Google, Opensuse 2 Android, Leap 2022-04-22 2.1 LOW 2.3 LOW
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-10913 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-22 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVE-2020-6438 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
CVE-2019-3730 1 Dell 1 Bsafe Micro-edition-suite 2022-04-12 5.0 MEDIUM 7.5 HIGH
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2022-1120 1 Gitlab 1 Gitlab 2022-04-11 4.0 MEDIUM 6.5 MEDIUM
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.
CVE-2021-32937 1 Auvesy-mdt 2 Autosave, Autosave For System Platform 2022-04-08 5.0 MEDIUM 7.5 HIGH
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.
CVE-2021-22885 2 Debian, Rubyonrails 3 Debian Linux, Actionpack Page-caching, Rails 2022-04-06 5.0 MEDIUM 7.5 HIGH
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
CVE-2022-23794 1 Joomla 1 Joomla\! 2022-04-05 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.