CWE:
 

Tytuł
Data
Autor
Med.
RVSiteBuilder RVGlobalSoft CMS High-Performance Hosting Provider Serious Multiple Vulnerabilities
11.06.2018
KingSkrupellos
Low
Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure
22.11.2016
RCE
High
Centreon 2.5.3 Code Execution
27.02.2016
Nicolas CHATELAIN


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-01-19
Waiting for details
CVE-2022-22162

Updating...
 

 
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2.

 
2022-01-10
Low
CVE-2021-38894

Vendor: IBM
Software: Security ver...
 

 
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.

 
2022-01-04
Medium
CVE-2022-0083

Vendor: Livehelperchat
Software: Live helper chat
 

 
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information

 
2022-01-03
Medium
CVE-2022-0079

Vendor: Showdoc
Software: Showdoc
 

 
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information

 
2021-12-28
Waiting for details
CVE-2021-4177

Updating...
 

 
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information

 
2021-12-13
Medium
CVE-2021-44155

Vendor: Reprisesoftware
Software: Reprise lice...
 

 
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.

 
2021-12-08
Low
CVE-2021-43542

Vendor: Mozilla
Software: Firefox
 

 
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

 
2021-11-23
Medium
CVE-2021-38980

Updating...
 

 
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786.

 
2021-11-15
Medium
CVE-2021-38981

Updating...
 

 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.

 
2021-11-04
Low
CVE-2021-40126

Vendor: Cisco
Software: Umbrella
 

 
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top