Total: 235 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16101 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | |||||
CVE-2019-18865 | 1 Blaauwproducts | 1 Remote Kiln Control | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | |||||
CVE-2019-19806 | 1 Mfscripts | 1 Yetishare | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | |||||
CVE-2019-7941 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
CVE-2020-11594 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown, providing the full file path. | |||||
CVE-2020-11883 | 1 Divante | 2 Storefront-api, Vue-storefront-api | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names. | |||||
CVE-2020-13997 | 1 Shopware | 1 Shopware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | |||||
CVE-2020-4164 | 1 Ibm | 1 Security Information Queue | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from application errors which could be used in further attacks against the system. IBM X-Force ID: 174400. | |||||
CVE-2020-15478 | 1 Journal-theme | 1 Journal | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. | |||||
CVE-2020-15666 | 1 Mozilla | 1 Firefox | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | |||||
CVE-2020-24925 | 1 Elkarbackup | 1 Elkarbackup | 2021-07-21 | 3.5 LOW | 7.5 HIGH |
A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort, where the entire source code path is displayed in the browser itself, helping the attacker identify the code structure: /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | |||||
CVE-2020-25778 | 1 Trendmicro | 1 Antivirus | 2021-07-21 | 2.1 LOW | 6.0 MEDIUM |
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2020-35177 | 1 Hashicorp | 1 Vault | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. | |||||
CVE-2020-4085 | 1 Hcltech | 1 Connections | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." | |||||
CVE-2020-4239 | 1 Ibm | 1 Tivoli Netcool/impact | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412. | |||||
CVE-2020-4248 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. | |||||
CVE-2020-4277 | 1 Ibm | 1 Tririga Application Platform | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker in formulating future attacks. IBM X-Force ID: 175993. | |||||
CVE-2020-4319 | 1 Ibm | 1 Mq Appliance | 2021-07-21 | 3.5 LOW | 4.3 MEDIUM |
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow, under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. | |||||
CVE-2020-4357 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. |