Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-209
Total 235 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16101 1 Silver-peak 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI.
CVE-2019-18865 1 Blaauwproducts 1 Remote Kiln Control 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.
CVE-2019-19806 1 Mfscripts 1 Yetishare 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.
CVE-2019-7941 3 Adobe, Linux, Microsoft 3 Campaign, Linux Kernel, Windows 2021-07-21 5.0 MEDIUM 7.5 HIGH
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-9223 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.
CVE-2020-11594 1 Cipplanner 1 Cipace 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
CVE-2020-11883 1 Divante 2 Storefront-api, Vue-storefront-api 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.
CVE-2020-13997 1 Shopware 1 Shopware 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.
CVE-2020-4164 1 Ibm 1 Security Information Queue 2021-07-21 4.0 MEDIUM 2.7 LOW
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400.
CVE-2020-15478 1 Journal-theme 1 Journal 2021-07-21 5.0 MEDIUM 7.5 HIGH
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-15666 1 Mozilla 1 Firefox 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2020-24925 1 Elkarbackup 1 Elkarbackup 2021-07-21 3.5 LOW 7.5 HIGH
A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php
CVE-2020-25778 1 Trendmicro 1 Antivirus 2021-07-21 2.1 LOW 6.0 MEDIUM
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-35177 1 Hashicorp 1 Vault 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
CVE-2020-4085 1 Hcltech 1 Connections 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."
CVE-2020-4239 1 Ibm 1 Tivoli Netcool\/impact 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412.
CVE-2020-4248 1 Ibm 1 Security Identity Governance And Intelligence 2021-07-21 4.0 MEDIUM 2.7 LOW
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.
CVE-2020-4277 1 Ibm 1 Tririga Application Platform 2021-07-21 5.0 MEDIUM 7.5 HIGH
IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993.
CVE-2020-4319 1 Ibm 1 Mq Appliance 2021-07-21 3.5 LOW 4.3 MEDIUM
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.
CVE-2020-4357 1 Ibm 1 Spectrum Scale 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.