Filtered by vendor
Subscriptions
Total
393 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-10012 | 1 Sumocoders | 1 Frameworkuserbundle | 2024-11-21 | 3.5 Low |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2014-8161 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 4.3 Medium |
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | ||||
CVE-2014-2064 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | ||||
CVE-2014-1487 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2024-11-21 | 7.5 High |
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. | ||||
CVE-2013-6879 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 5.3 Medium |
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message. | ||||
CVE-2013-0212 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack | 2024-11-21 | N/A |
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. | ||||
CVE-2012-5615 | 3 Mariadb, Oracle, Redhat | 5 Mariadb, Mysql, Enterprise Linux and 2 more | 2024-11-21 | N/A |
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. | ||||
CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2024-11-21 | N/A |
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | ||||
CVE-2000-1191 | 2 Htdig Project, Redhat | 2 Htdig, Enterprise Linux | 2024-11-21 | N/A |
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | ||||
CVE-2024-48896 | 1 Moodle | 1 Moodle | 2024-11-20 | 4.3 Medium |
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site. | ||||
CVE-2021-3986 | 2 Calibre-web Project, Janeczku | 2 Calibre-web, Calibre-web | 2024-11-19 | 4.3 Medium |
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. | ||||
CVE-2024-47803 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2024-11-13 | 4.3 Medium |
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. | ||||
CVE-2023-40457 | 1 Extremenetworks | 1 Extremeos | 2024-11-12 | N/A |
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks." | ||||
CVE-2024-52043 | 1 Humhub | 1 Humhub | 2024-11-08 | 5.3 Medium |
Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2. | ||||
CVE-2024-30141 | 2024-11-08 | 4.7 Medium | ||
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data. | ||||
CVE-2024-51560 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | 4.3 Medium |
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system. | ||||
CVE-2024-7038 | 1 Openwebui | 1 Open Webui | 2024-11-03 | 2.7 Low |
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. | ||||
CVE-2024-39719 | 1 Ollama | 1 Ollama | 2024-11-01 | 7.5 High |
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server. | ||||
CVE-2024-50512 | 2024-11-01 | 5.3 Medium | ||
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through 3.10.2. | ||||
CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | 3.6 Low |
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. |