3858 matches found

CVE
added 2020/03/31 2:31 p.m. · 46 views

CVE-2020-4239

IBM Tivoli Netcool Impact 7.1.0.0–7.1.0.17 is affected by CVE-2020-4239, a remote information-disclosure flaw where detailed browser error messages reveal sensitive data. Root cause: information leakage through verbose errors. Impact: potential exposure of confidential information. Remediation: u...

5.3 CVSS · 4.8 AI score · 0.01714 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/03/25 4:5 p.m. · 22 views

CVE-2020-2169

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability...

6 AI score · 0.0104 EPSS
Exploits 0 · References 2

CNVD
added 2020/03/17 12:0 a.m. · 4 views

IBM MQ Appliance and IBM MQ Denial of Service Vulnerabilities

IBM MQ (IBM WebSphere MQ) and IBM MQ Appliance are both products of IBM Corporation, U.S.A. IBM MQ is a messaging middleware product. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). IBM MQ Appliance is an all-in-one appliance for rapid...

6.5 CVSS · 6.6 AI score · 0.01624 EPSS
Exploits 0 · References 1

Cvelist
added 2020/03/11 1:2 p.m. · 20 views

CVE-2019-19381

oauth/oauth2/v1/saml/ in Abacus OAuth Login 201901r4201910210000 before prior to R4 20.11.2019 Hotfix allows Reflected Cross Site Scripting (XSS) via an error message...

6 AI score · 0.00724 EPSS
Exploits 1 · References 2

NVD
added 2020/03/10 3:15 p.m. · 16 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5 CVSS · 7.4 AI score · 0.01155 EPSS
Exploits 0 · References 2

OSV
added 2020/03/10 3:15 p.m. · 14 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5 CVSS · 6.5 AI score
Exploits 0 · References 2

Prion
added 2020/03/10 3:15 p.m. · 16 views

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

5 CVSS · 7.4 AI score · 0.01155 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/03/10 3:15 p.m. · 2 views

UBUNTU-CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5 CVSS · 5.8 AI score · 0.01155 EPSS
Exploits 0 · References 3

CVE
added 2020/03/10 2:47 p.m. · 56 views

CVE-2019-12446

The CVE-2019-12446 issue affects GitLab Community and Enterprise Edition versions 8.3 through 11.11, allowing information exposure via an error message. The vulnerability is documented across multiple sources (NVD, Red Hat, Debian, OSV, etc.) with the same flaw description and no detailed root-ca...

7.5 CVSS · 7.3 AI score · 0.01155 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/03/10 2:47 p.m. · 18 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.4 AI score · 0.01155 EPSS
Exploits 0 · References 2

Debian CVE
added 2020/03/10 2:47 p.m. · 17 views

CVE-2019-12446

Removed by vendor...

7.5 CVSS · 7.1 AI score · 0.01155 EPSS
Exploits 0

NVD
added 2020/03/09 4:15 p.m. · 21 views

CVE-2020-2152

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...

6.1 CVSS · 6.1 AI score · 0.0124 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/03/09 12:0 a.m. · 6 views

PT-2020-15363 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Release Manager Plugin versions 1.2 and earlier. Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the Repository URL field form validation is not...

6.1 CVSS · 5.7 AI score · 0.0124 EPSS
Exploits 0 · References 6

Hacker One
added 2020/02/27 12:1 p.m. · 30 views

Endless Group: Enumeration of username on password reset page

Summary: Reset password page API call can be used to enumerate usernames based on the error message. Steps To Reproduce: add details for how we can reproduce the issue 1. Go to password reset page 2. Enter username and click submit 3. Check email for password reset code, open the url in any brows...

7 AI score
Exploits 0

OSV
added 2020/02/26 4:15 p.m. · 2 views

CVE-2019-19993

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...

5.3 CVSS · 6.2 AI score · 0.01243 EPSS
Exploits 1 · References 3

CNVD
added 2020/02/24 12:0 a.m. · 2 views

SmartClient Absolute Path Information Disclosure Vulnerability

SmartClient is an enterprise Ajax framework, including a very good UI library, a tool library, client-server data binding and other features. An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...

5.3 CVSS · 6.6 AI score · 0.01072 EPSS
Exploits 1 · References 1

NVD
added 2020/01/31 10:15 p.m. · 17 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS · 6.3 AI score · 0.01583 EPSS
Exploits 1 · References 4

Prion
added 2020/01/31 10:15 p.m. · 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

4.3 CVSS · 6.2 AI score · 0.01583 EPSS
Exploits 1 · References 4 · Affected Software 2

Cvelist
added 2020/01/31 9:39 p.m. · 24 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.2 AI score · 0.01583 EPSS
Exploits 1 · References 4

Debian CVE
added 2020/01/31 9:39 p.m. · 16 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS · 6.3 AI score · 0.01583 EPSS
Exploits 1