Total: 393 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-3454 | 1 Csa-iot | 1 Matter | 2024-11-21 | 3.5 Low |
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | ||||
CVE-2024-39737 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-11-21 | 5.4 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004. | ||||
CVE-2024-39458 | | | 2024-11-21 | 3.1 Low |
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log. | ||||
CVE-2024-37162 | 1 Idopesok | 1 Zsa | 2024-11-21 | 4 Medium |
zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`. | ||||
CVE-2024-36375 | | | 2024-11-21 | 5.3 Medium |
In JetBrains TeamCity before 2024.03.2, technical information regarding the TeamCity server could be exposed. | ||||
CVE-2024-36106 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 4.3 Medium |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | ||||
CVE-2024-35232 | 1 Facebook | 1 Facebook | 2024-11-21 | 3.7 Low |
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. The access_token can be exposed in an error message when an HTTP request fails. This issue has been patched in version 2.7.2. | ||||
CVE-2024-35156 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 6.5 Medium |
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. | ||||
CVE-2024-35155 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 6.5 Medium |
IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. | ||||
CVE-2024-35119 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.3 Medium |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. | ||||
CVE-2024-31844 | 1 Italtel | 1 Embrace | 2024-11-21 | 5.3 Medium |
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication. | ||||
CVE-2024-2009 | | | 2024-11-21 | 5.3 Medium |
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-29059 | 1 Microsoft | 1 .net | 2024-11-21 | 7.5 High |
.NET Framework Information Disclosure Vulnerability | ||||
CVE-2024-28939 | 1 Microsoft | 3 Ole Db Driver 18 For Sql Server, Ole Db Driver 19 For Sql Server, Sql Server | 2024-11-21 | 8.8 High |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2024-28285 | | | 2024-11-21 | 9.8 Critical |
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges. | ||||
CVE-2024-27315 | | | 2024-11-21 | 4.3 Medium |
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | ||||
CVE-2024-23689 | 1 Clickhouse | 1 Java Libraries | 2024-11-21 | 8.8 High |
Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | ||||
CVE-2024-22646 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 5.3 Medium |
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | ||||
CVE-2024-21866 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 5.3 Medium |
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | ||||
CVE-2024-21733 | 2 Apache, Redhat | 3 Tomcat, Apache-camel-spring-boot, Jboss Fuse | 2024-11-21 | 5.3 Medium |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. |