CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | RVSiteBuilder RVGlobalSoft CMS High-Performance Hosting Provider Serious Multiple Vulnerabilities | 11.06.2018 | KingSkrupellos |
| Low | Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure | 22.11.2016 | RCE |
| High | Centreon 2.5.3 Code Execution | 27.02.2016 | Nicolas CHATELAIN |


CVEMAP Search Results

CVE
Details
Description
2021-11-23
Medium
CVE-2021-38980

 

 
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786.

 
2021-11-15
Medium
CVE-2021-38981

 

 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.

 
2021-11-04
Low
CVE-2021-40126

Vendor: Cisco
Software: Umbrella
 

 
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.

 
2021-10-11
Medium
CVE-2021-35060

Vendor: Openwaygroup
Software: WAY4
 

 
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.

 
2021-10-07
Low
CVE-2021-20552

 

 
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

 
2021-09-23
Low
CVE-2020-4941

Vendor: IBM
Software: Edge applica...
 

 
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.

 
Low
CVE-2021-1546

Vendor: Cisco
Software: Sd-wan vbond...
 

 
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

 
Low
CVE-2021-20485

Vendor: IBM
Software: Sterling fil...
 

 
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

 
Low
CVE-2021-20377

Vendor: IBM
Software: Security gua...
 

 
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

 
2021-09-07
Medium
CVE-2021-32766

Vendor: Nextcloud
Software: Nextcloud
 

 
Nextcloud Text is an open source plaintext editing application which ships with the Nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings.

 

 


Copyright 2021, cxsecurity.com

 
