Total
502 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54366 | | | 2024-12-16 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through 2.4.4. | ||||
| CVE-2023-34110 | 1 Flask-appbuilder Project | 1 Flask-appbuilder | 2024-12-06 | 2.7 Low |
| Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add and edit User forms, trigger a database error that is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2. | ||||
| CVE-2023-37306 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-27 | 7.5 High |
| MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. | ||||
| CVE-2023-43021 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. | ||||
| CVE-2024-6984 | 1 Canonical | 1 Juju | 2024-11-21 | 8.8 High |
| An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. | ||||
| CVE-2024-5435 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.5 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2, which will disclose the user password from the repository mirror configuration. | ||||
| CVE-2024-5250 | 1 Perforce | 1 Akana Api | 2024-11-21 | 3.5 Low |
| In versions of Akana API Platform prior to 2024.1.0, overly verbose errors can be found in SAML integrations. | ||||
| CVE-2024-3454 | 1 Csa-iot | 1 Matter | 2024-11-21 | 3.5 Low |
| An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | ||||
| CVE-2024-39737 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-11-21 | 5.4 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004. | ||||
| CVE-2024-37162 | 1 Idopesok | 1 Zsa | 2024-11-21 | 4 Medium |
| zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`. | ||||
| CVE-2024-36106 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 4.3 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17. | ||||
| CVE-2024-35232 | 1 Facebook | 1 Facebook | 2024-11-21 | 3.7 Low |
| github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2. | ||||
| CVE-2024-35156 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. | ||||
| CVE-2024-35155 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 6.5 Medium |
| IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. | ||||
| CVE-2024-35119 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. | ||||
| CVE-2023-6839 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 5.3 Medium |
| Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | ||||
| CVE-2023-50953 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. | ||||
| CVE-2023-4457 | 1 Grafana | 1 Google Sheets | 2024-11-21 | 5.5 Medium |
| Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2, is vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, potentially exposing the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2. | ||||
| CVE-2023-49878 | 1 Ibm | 6 Virtualization Engine Ts7760 3957-vec, Virtualization Engine Ts7760 3957-vec Firmware, Virtualization Engine Ts7770 3948-ved and 3 more | 2024-11-21 | 4.3 Medium |
| IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652. | ||||
| CVE-2023-48393 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | 4.3 Medium |
| Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from an error message. | ||||