Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19993 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths. | ||||
| CVE-2019-19806 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.3 Medium |
| _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | ||||
| CVE-2019-19342 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.3 Medium |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password. | ||||
| CVE-2019-18947 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 3.5 Low |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | ||||
| CVE-2019-18865 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.3 Medium |
| Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | ||||
| CVE-2019-16768 | 1 Sylius | 1 Sylius | 2024-11-21 | 3.5 Low |
| In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3. | ||||
| CVE-2019-16101 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-11-21 | N/A |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | ||||
| CVE-2019-15032 | 1 Pydio | 1 Pydio | 2024-11-21 | 5.3 Medium |
| Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. | ||||
| CVE-2019-14433 | 4 Canonical, Debian, Openstack and 1 more | 4 Ubuntu Linux, Debian Linux, Nova and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | ||||
| CVE-2019-13697 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-12903 | 1 Pydio | 1 Cells | 2024-11-21 | N/A |
| Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | ||||
| CVE-2019-12864 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-11-21 | 5.5 Medium |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | ||||
| CVE-2019-12446 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. | ||||
| CVE-2019-12215 | 1 Matomo | 1 Matomo | 2024-11-21 | N/A |
| A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities. | ||||
| CVE-2019-12156 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 5.3 Medium |
| Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. | ||||
| CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 4.3 Medium |
| Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | ||||
| CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | N/A |
| Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | ||||
| CVE-2019-11252 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 5.9 Medium |
| The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | ||||
| CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A |
| parse-server before 3.6.0 allows account enumeration. | ||||
| CVE-2019-0404 | 1 Sap | 1 Enable Now | 2024-11-21 | 7.5 High |
| SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | ||||