 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | RVSiteBuilder RVGlobalSoft CMS High-Performance Hosting Provider Serious Multiple Vulnerabilities | 11.06.2018 | KingSkrupellos |
| Low | Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure | 22.11.2016 | RCE |
| High | Centreon 2.5.3 Code Execution | 27.02.2016 | Nicolas CHATELAIN |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-03-30
Medium
CVE-2020-5274

Vendor: Sensiolabs
Software: Symfony
 

 
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the stacktrace is only displayed in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5.

 
2020-03-10
Medium
CVE-2019-12446

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.

 
2020-03-05
Medium
CVE-2020-10097

Vendor: Zammad
Software: Zammad
 

 
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.

 
2020-02-26
Medium
CVE-2019-19993

Vendor: Seling
Software: Visual acces...
 

 
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.

 
2020-01-28
Low
CVE-2019-4636

Vendor: IBM
Software: Security sec...
 

 
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.

 
2020-01-27
Low
CVE-2014-8161

Vendor: Postgresql
Software: Postgresql
 

 
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering a constraint violation and then reading the error message.

 
2020-01-19
Medium
CVE-2020-7231

Vendor: Evoko
Software: HOME
 

 
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.

 
2019-12-19
Medium
CVE-2019-19342

Vendor: Redhat
Software: Ansible tower
 

 
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password, and an HTTP error code 500 and partial password disclosure will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.

 
2019-12-05
Low
CVE-2019-16768

Vendor: Sylius
Software: Sylius
 

 
In affected versions of Sylius, exception messages from internal exceptions (such as database exceptions) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to the UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when they try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.

 
2019-11-22
Medium
CVE-2013-6879

Vendor: Miwisoft
Software: Mijosearch
 

 
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message.

 

 


Copyright 2020, cxsecurity.com

 
