Total
355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32766 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges. (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings. | |||||
| CVE-2021-32734 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings. | |||||
| CVE-2021-32712 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. | |||||
| CVE-2021-31341 | 1 Mendix | 1 Database Replication | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1). | |||||
| CVE-2021-31339 | 1 Mendix | 1 Excel Importer | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework. | |||||
| CVE-2021-31159 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. | |||||
| CVE-2021-30357 | 1 Checkpoint | 1 Ssl Network Extender | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. | |||||
| CVE-2021-29784 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168. | |||||
| CVE-2021-29767 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681. | |||||
| CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. | |||||
| CVE-2021-29688 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. | |||||
| CVE-2021-29682 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997 | |||||
| CVE-2021-29040 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs. | |||||
| CVE-2021-26997 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. | |||||
| CVE-2021-25958 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs. | |||||
| CVE-2021-25809 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. | |||||
| CVE-2021-23973 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | |||||
| CVE-2021-23968 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | |||||
| CVE-2021-23135 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
| Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14. | |||||
| CVE-2021-22885 | 2 Debian, Rubyonrails | 3 Debian Linux, Actionpack Page-caching, Rails | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. | |||||