Vulnerabilities (CVE)

Filtered by CWE-209 (Generation of Error Message Containing Sensitive Information)
Total: 354 CVEs
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3
CVE-2023-43021 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-02-28 N/A 5.3 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.
CVE-2024-21733 1 Apache 1 Tomcat 2024-02-28 N/A 5.3 MEDIUM
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
CVE-2020-4868 1 Ibm 1 Tririga Application Platform 2024-02-28 N/A 5.3 MEDIUM
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.
CVE-2023-33834 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-02-28 N/A 5.3 MEDIUM
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256014.
CVE-2023-32755 1 Edetw 1 U-office Force 2024-02-28 N/A 5.3 MEDIUM
e-Excellence U-Office Force generates an error message in its website service. An unauthenticated remote attacker can obtain partial sensitive system information from the error message by sending a crafted command.
CVE-2023-26272 1 Ibm 1 Guardium Cloud Key Manager 2024-02-28 N/A 5.3 MEDIUM
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
CVE-2023-40725 1 Siemens 1 Qms Automotive 2024-02-28 N/A 4.0 MEDIUM
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during a login session. This allows an attacker to enumerate usernames and identify which ones are valid.
CVE-2023-40763 1 Phpjabbers 1 Taxi Booking Script 2024-02-28 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40761 1 Phpjabbers 1 Yacht Listing Script 2024-02-28 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-4457 1 Grafana 1 Google Sheets 2024-02-28 N/A 7.5 HIGH
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2, is vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, potentially exposing the Google Sheets API key that is configured for the data source. This vulnerability was fixed in version 1.2.2.
CVE-2023-35124 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 4.3 MEDIUM
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-41027 1 Juplink 2 Rx4-1500, Rx4-1500 Firmware 2024-02-28 7.7 HIGH 8.8 HIGH
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.
CVE-2023-33835 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-02-28 N/A 7.5 HIGH
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.
CVE-2023-40764 1 Phpjabbers 1 Car Rental Script 2024-02-28 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-5514 1 Hitachienergy 1 Esoms 2024-02-28 N/A 5.3 MEDIUM
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
CVE-2023-40171 1 Netflix 1 Dispatch 2024-02-28 N/A 7.5 HIGH
Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in an error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error while attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing any account within their own instance to be taken over. This could be done by using the secret to sign attacker-crafted JWTs. If you think that you may be impacted, we strongly suggest you rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319`, which has been included in the `20230817` release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-37489 1 Sap 1 Businessobjects Business Intelligence 2024-02-28 N/A 5.3 MEDIUM
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.
CVE-2023-0833 2 Redhat, Squareup 2 A-mq Streams, Okhttp 2024-02-28 N/A 5.5 MEDIUM
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OkHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CVE-2023-40757 1 Phpjabbers 1 Food Delivery Script 2024-02-28 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-40767 1 Phpjabbers 1 Make An Offer Widget 2024-02-28 N/A 9.8 CRITICAL
User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.