27 matches found
CVE-2022-31023 Dev error stack trace leaking into prod in Play Framework
Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...
PT-2021-6600 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.2 and later Description: A verbose error message in GitLab EE could disclose the private email address of a user invited to a group. This issue affects all versions since 12.2 and allows a remote attacker to access...
CVE-2021-33711
A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. The affected application allows verbose error messages which allow leaking of sensitive informatio...
CVE-2021-29040
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused...
APIs Are the Next Frontier in Cybercrime
Application Programming Interface API usage has exploded, and cybercriminals are increasingly taking advantage of API security flaws to commit fraud and steal data. APIs, which are used to create connections between software programs and perform integrations, make everything a bit easier — from...
UBUNTU-CVE-2016-9839
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails...
PT-2016-7839 · Mapserver · Mapserver
Name of the Vulnerable Software and Affected Versions: MapServer versions prior to 7.0.3 Description: The issue is related to the OGR driver in MapServer, where error messages are too verbose. This verbosity may lead to the leakage of sensitive information if a data connection fails...