Total: 354 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32766 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Nextcloud Text is an open source plaintext editing application which ships with the Nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings. | |||||
CVE-2021-20371 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516. | |||||
CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | |||||
CVE-2020-23995 | 1 Ilias | 1 Ilias | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | |||||
CVE-2021-25809 | 1 Ucms Project | 1 Ucms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. | |||||
CVE-2021-29682 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997 | |||||
CVE-2021-26997 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. | |||||
CVE-2021-20417 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219 | |||||
CVE-2021-20393 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001. | |||||
CVE-2021-32712 | 1 Shopware | 1 Shopware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. | |||||
CVE-2021-35947 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | |||||
CVE-2021-25958 | 1 Apache | 1 Ofbiz | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leak out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to log in with it an exception occurs. | |||||
CVE-2021-20428 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315. | |||||
CVE-2021-22249 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group. | |||||
CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | |||||
CVE-2021-32775 | 1 Combodo | 1 Itop | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0. | |||||
CVE-2021-31341 | 1 Mendix | 1 Database Replication | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1). | |||||
CVE-2020-20470 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
White Shark System (WSS) 1.3.2 has a web site physical path leakage vulnerability. | |||||
CVE-2021-29040 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch other, more focused attacks via crafted inputs. | |||||
CVE-2021-20413 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 5.0 MEDIUM | 4.3 MEDIUM |
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212. |