Filtered by CWE-209
Filtered by vendor Subscriptions
Total 393 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-3454 1 Csa-iot 1 Matter 2024-11-21 3.5 Low
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.
CVE-2024-39737 1 Ibm 2 Datacap, Datacap Navigator 2024-11-21 5.4 Medium
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.
CVE-2024-39458 2024-11-21 3.1 Low
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.
CVE-2024-37162 1 Idopesok 1 Zsa 2024-11-21 4 Medium
zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`.
CVE-2024-36375 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
CVE-2024-36106 1 Argoproj 1 Argo Cd 2024-11-21 4.3 Medium
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.
CVE-2024-35232 1 Facebook 1 Facebook 2024-11-21 3.7 Low
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
CVE-2024-35156 1 Ibm 2 Mq, Mq Appliance 2024-11-21 6.5 Medium
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.
CVE-2024-35155 1 Ibm 2 Mq, Mq Appliance 2024-11-21 6.5 Medium
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.
CVE-2024-35119 1 Ibm 1 Infosphere Information Server 2024-11-21 5.3 Medium
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.
CVE-2024-31844 1 Italtel 1 Embrace 2024-11-21 5.3 Medium
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.
CVE-2024-2009 2024-11-21 5.3 Medium
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-29059 1 Microsoft 1 .net 2024-11-21 7.5 High
.NET Framework Information Disclosure Vulnerability
CVE-2024-28939 1 Microsoft 3 Ole Db Driver 18 For Sql Server, Ole Db Driver 19 For Sql Server, Sql Server 2024-11-21 8.8 High
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28285 2024-11-21 9.8 Critical
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.
CVE-2024-27315 2024-11-21 4.3 Medium
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
CVE-2024-23689 1 Clickhouse 1 Java Libraries 2024-11-21 8.8 High
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.
CVE-2024-22646 1 Seopanel 1 Seo Panel 2024-11-21 5.3 Medium
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
CVE-2024-21866 1 Rapidscada 1 Rapid Scada 2024-11-21 5.3 Medium
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.
CVE-2024-21733 2 Apache, Redhat 3 Tomcat, Apache-camel-spring-boot, Jboss Fuse 2024-11-21 5.3 Medium
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.