Total
453 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2760 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.3 Medium |
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | ||||
CVE-2022-2062 | 1 Xgenecloud | 1 Nocodb | 2024-11-21 | 7.5 High |
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | ||||
CVE-2022-29266 | 1 Apache | 1 Apisix | 2024-11-21 | 7.5 High |
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. | ||||
CVE-2022-26973 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 5.3 Medium |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | ||||
CVE-2022-26070 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.3 Medium |
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. | ||||
CVE-2022-23794 | 1 Joomla | 1 Joomla! | 2024-11-21 | 5.3 Medium |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file with an excessively long name causes an error, and the resulting error screen shows the path of the web application's source code. | ||||
CVE-2022-22162 | 1 Juniper | 1 Junos | 2024-11-21 | 7.3 High |
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potentially leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. | ||||
CVE-2022-1120 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.8 Medium |
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | ||||
CVE-2022-0660 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | ||||
CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.3 Medium |
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | ||||
CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | ||||
CVE-2022-0504 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.5 Medium |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | ||||
CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.3 Medium |
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.3 Medium |
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
CVE-2021-4177 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.3 Medium |
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 5.3 Medium |
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | ||||
CVE-2021-43542 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 Medium |
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | ||||
CVE-2021-40338 | 1 Hitachi | 1 Linkone | 2024-11-21 | 3.7 Low |
The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | ||||
CVE-2021-40126 | 1 Cisco | 1 Umbrella | 2024-11-21 | 4.3 Medium |
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system. |