Total: 450 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2020-19275 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 5.3 Medium | An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. |
CVE-2020-16128 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 3.8 Low | The aptdaemon DBus interface disclosed file existence by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. |
CVE-2020-16121 | 2 Canonical, Packagekit Project | 2 Ubuntu Linux, Packagekit | 2024-11-21 | 3.3 Low | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on their own. |
CVE-2020-15794 | 1 Siemens | 1 Desigo Insight | 2024-11-21 | 4.3 Medium | A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system. |
CVE-2020-15666 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium | When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
CVE-2020-15652 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. |
CVE-2020-15478 | 1 Journal-theme | 1 Journal | 2024-11-21 | 7.5 High | The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. |
CVE-2020-15219 | 1 Combodo | 1 Itop | 2024-11-21 | 4.3 Medium | Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0. |
CVE-2020-15132 | 1 Sulu | 1 Sulu | 2024-11-21 | 5.3 Medium | In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with an error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the "Forgot Password" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1. |
CVE-2020-15125 | 1 Auth0 | 1 Auth0.js | 2024-11-21 | 7.7 High | In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0's management API. |
CVE-2020-14337 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.8 Medium | A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality. |
CVE-2020-13997 | 1 Shopware | 1 Shopware | 2024-11-21 | 7.5 High | In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. |
CVE-2020-11883 | 1 Divante | 2 Storefront-api, Vue-storefront-api | 2024-11-21 | 5.3 Medium | In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names. |
CVE-2020-11594 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path. |
CVE-2020-10097 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.3 Medium | An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities. |
CVE-2019-9455 | 3 Google, Opensuse, Redhat | 3 Android, Leap, Enterprise Linux | 2024-11-21 | 2.3 Low | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. |
CVE-2019-7941 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | N/A | Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |
CVE-2019-7644 | 1 Auth0 | 1 Auth0-wcf-service-jwt | 2024-11-21 | N/A | Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application. |
CVE-2019-7612 | 2 Elastic, Netapp | 2 Logstash, Active Iq Performance Analytics Services | 2024-11-21 | 9.8 Critical | A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 log malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. |