Total
235 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20552 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2021-10-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | |||||
| CVE-2021-1546 | 1 Cisco | 20 Sd-wan Vbond Orchestrator, Sd-wan Vmanage, Vedge 100 and 17 more | 2021-09-30 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. | |||||
| CVE-2021-20377 | 1 Ibm | 1 Security Guardium | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. | |||||
| CVE-2020-4941 | 1 Ibm | 1 Edge Application Manager | 2021-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | |||||
| CVE-2021-20485 | 1 Ibm | 1 Sterling File Gateway | 2021-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. | |||||
| CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | |||||
| CVE-2021-20499 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 | |||||
| CVE-2021-20508 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-09-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. | |||||
| CVE-2021-35947 | 1 Owncloud | 1 Owncloud | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | |||||
| CVE-2021-25958 | 1 Apache | 1 Ofbiz | 2021-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs. | |||||
| CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2021-08-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | |||||
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | |||||
| CVE-2021-20430 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341. | |||||
| CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
| CVE-2021-29767 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681. | |||||
| CVE-2021-29784 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2021-08-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168. | |||||
| CVE-2021-32775 | 1 Combodo | 1 Itop | 2021-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0. | |||||
| CVE-2020-6511 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-12864 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | |||||
| CVE-2019-12903 | 1 Pydio | 1 Cells | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | |||||