Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2760 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | ||||
| CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.3 Medium |
| In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | ||||
| CVE-2022-2062 | 1 Xgenecloud | 1 Nocodb | 2024-11-21 | 7.5 High |
| Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | ||||
| CVE-2022-29266 | 1 Apache | 1 Apisix | 2024-11-21 | 7.5 High |
| In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. | ||||
| CVE-2022-26973 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 5.3 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | ||||
| CVE-2022-26070 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.3 Medium |
| When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. | ||||
| CVE-2022-24906 | 1 Nextcloud | 1 Deck | 2024-11-21 | 3.5 Low |
| Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available. | ||||
| CVE-2022-24731 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 6.8 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications. | ||||
| CVE-2022-23794 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. | ||||
| CVE-2022-22760 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 6.5 Medium |
| When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2022-22449 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915. | ||||
| CVE-2022-22162 | 1 Juniper | 1 Junos | 2024-11-21 | 7.3 High |
| A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. | ||||
| CVE-2022-20525 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | ||||
| CVE-2022-1120 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.8 Medium |
| Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | ||||
| CVE-2022-0660 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | ||||
| CVE-2022-0563 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-11-21 | 5.5 Medium |
| A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | ||||
| CVE-2022-0504 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.5 Medium |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.3 Medium |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
| CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.3 Medium |
| showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | ||||