Total
439 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4239 | 1 Ibm | 1 Tivoli Netcool/impact | 2024-11-21 | 5.3 Medium |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412. | ||||
CVE-2020-4166 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 5.3 Medium |
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. | ||||
CVE-2020-4164 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 2.7 Low |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from application errors which could be used in further attacks against the system. IBM X-Force ID: 174400. | ||||
CVE-2020-4085 | 1 Hcltech | 1 Connections | 2024-11-21 | 6.5 Medium |
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." | ||||
CVE-2020-35177 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. | ||||
CVE-2020-2505 | 1 Qnap | 1 Qes | 2024-11-21 | 2.3 Low |
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | ||||
CVE-2020-27015 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 4.4 Medium |
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2020-25778 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 6.0 Medium |
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2020-25640 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Fuse, Openshift Application Runtimes and 2 more | 2024-11-21 | 5.3 Medium |
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | ||||
CVE-2020-25633 | 2 Quarkus, Redhat | 7 Quarkus, Jboss Enterprise Application Platform, Jboss Fuse and 4 more | 2024-11-21 | 5.3 Medium |
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | ||||
CVE-2020-24925 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 7.5 High |
A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | ||||
CVE-2020-23995 | 1 Ilias | 1 Ilias | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | ||||
CVE-2020-20470 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.3 Medium |
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. | ||||
CVE-2020-1717 | 1 Redhat | 4 Jboss Fuse, Keycloak, Openshift Application Runtimes and 1 more | 2024-11-21 | 2.7 Low |
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack. | ||||
CVE-2020-19275 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 5.3 Medium |
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. | ||||
CVE-2020-16128 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 3.8 Low |
The aptdaemon DBus interface allowed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. | ||||
CVE-2020-16121 | 2 Canonical, Packagekit Project | 2 Ubuntu Linux, Packagekit | 2024-11-21 | 3.3 Low |
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | ||||
CVE-2020-15794 | 1 Siemens | 1 Desigo Insight | 2024-11-21 | 4.3 Medium |
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system. | ||||
CVE-2020-15666 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | ||||
CVE-2020-15652 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. |