Lucene search

3858 matches found

CVE
added 2020/06/24 2:10 p.m., 38 views

CVE-2020-4327

CVE-2020-4327 affects IBM Security Secret Server. All versions prior to 10.8 may disclose sensitive information when a detailed browser error message is returned, enabling a remote attacker to obtain data. IBM’s bulletin indicates the workaround is upgrading to version 10.8 (remediation). CVSS me...

CVSS 5.3, AI score 4.8, EPSS 0.0113
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/06/24 2:10 p.m., 11 views

CVE-2020-4327

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599...

CVSS 2.7, AI score 4.9, EPSS 0.0113
Exploits: 0, References: 2
Veracode
added 2020/06/23 3:13 a.m., 27 views

Cross-Site Scripting (XSS)

css-validator is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the URL when an error message is displayed...

CVSS 5.4, AI score 3.9, EPSS 0.0055
Exploits: 0, References: 3, Affected Software: 1
Citrix
added 2020/06/19 12:0 a.m., 6 views

With Pre-Auth policy in place, users get “Error: Not a privilege User” after logging in

From client machine Access website EPA kicks in and successful EPA response Got the login page Two factor Enter the Username and password Got an error “Not a privilege user” and stuck at /cgi/login...

AI score 7.2
Exploits: 0
Cvelist
added 2020/06/17 5:40 p.m., 17 views

CVE-2020-4532

IBM Business Automation Workflow and IBM Business Process Manager IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in...

CVSS 5.3, AI score 4.9, EPSS 0.01299
Exploits: 0, References: 2
Cvelist
added 2020/06/16 1:19 p.m., 28 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

AI score 9.4, EPSS 0.02006
Exploits: 0, References: 1
Prion
added 2020/06/15 7:15 p.m., 14 views

Server-side request forgery (SSRF)

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...

CVSS 5, AI score 7.5, EPSS 0.01027
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2020/06/12 8:4 a.m., 17 views

Malicious Code Injection

guvnor-m2repo-editor-backend is vulnerable to malicious code injection. The attacker can inject arbitrary code by uploading a pom.xml with errors to business central using Artifact Repository as the upload function shows the error message in an HTML mode...

AI score 4.2
Exploits: 0
Citrix
added 2020/06/03 12:0 a.m., 8 views

App Layering 2001: Can't Finalize Layer - An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'

After installing the latest Cumulative Update, Cannot finalize the Version. Getting Error Message: An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'...

AI score 7.2
Exploits: 0
Veeam
added 2020/05/29 10:38 a.m., 37 views

Veeam Guest Catalog Service does not start after upgrade

Challenge: After a consecutive upgrade of Veeam Backup & Replication and Enterprise Manager to a newer version, VeeamCatalogSvc fails to start if the EM database is located on a remote server. Cause: The account that is used to start VeeamCatalogSVC might not have access to the Veeam Enterprise...

AI score 7.4
Exploits: 0
NVD
added 2020/05/28 4:15 p.m., 15 views

CVE-2020-4248

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484...

CVSS 4, AI score 3.1, EPSS 0.00978
Exploits: 0, References: 2
Prion
added 2020/05/28 4:15 p.m., 12 views

Information disclosure

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484...

CVSS 4, AI score 3.3, EPSS 0.00978
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2020/05/27 2:15 p.m., 16 views

Information disclosure

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761...

CVSS 4, AI score 4.1, EPSS 0.00994
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/05/27 1:15 p.m., 15 views

CVE-2020-4357

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761...

CVSS 4.3, AI score 4.2, EPSS 0.00994
Exploits: 0, References: 2
IBM Security Bulletins
added 2020/05/26 3:20 p.m., 16 views

Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357)

Summary: A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4357. DESCRIPTION: IBM Spectrum Scale could allow a remote attacker to obtain sensitive information when a detailed technic...

CVSS 4.3, AI score 1.4, EPSS 0.00994
Exploits: 0, Affected Software: 1
Citrix
added 2020/05/12 12:0 a.m., 7 views

Error "No Apps available at this time" on workspace for iOS app after upgrading to ADC 13.0 build 52.24

After upgrading ADC to version 13.0 build 52.24, the iOS Workspace App misbehaves by presenting a longer form than usual and the error "No Apps available at this time" on login...

AI score 6.8
Exploits: 0
NVD
added 2020/05/07 1:15 p.m., 18 views

CVE-2019-18865

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames...

CVSS 5.3, AI score 5.5, EPSS 0.01123
Exploits: 1, References: 2
Prion
added 2020/05/07 1:15 p.m., 10 views

Information disclosure

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames...

CVSS 5, AI score 5.5, EPSS 0.01123
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2020/05/07 12:56 p.m., 15 views

CVE-2019-18865

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames...

AI score 5.5, EPSS 0.01123
Exploits: 1, References: 2
Hacker One
added 2020/05/05 1:53 p.m., 51 views

Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/page/

Summary: Hi : A reflected XSS occurs on https://apps.topcoder.com/wiki/pages/doeditattachment.action when editing wiki pages attachments. Steps To Reproduce: A user can add attachments on https://apps.topcoder.com/wiki/pages/viewpageattachments.action?pageId=165871793 a wiki page and can edit on...

AI score 6.5
Exploits: 0