3856 matches found
CVE-2022-32756
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507...
CVE-2022-32756 IBM Security Verify Directory information disclosure
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507...
SUSE-SU-2024:0970-1 Security update for zziplib
This update for zziplib fixes the following issues: Security issue fixed: - CVE-2020-18442: Fixed infinite loop in zzip_file_read as used in unzzip_cat_file (bsc#1187526). - CVE-2020-18770: Fixed denial-of-service in function zzip_disk_entry_to_file_header in mmapped.c (bsc#1214577). Non-security issue fixed: -...
EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1421)
According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tri...
CVE-2023-40278
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error...
BIT-GITLAB-2022-1120
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...
BIT-GITLAB-2023-1210 Generation of Error Message Containing Sensitive Information in GitLab
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email...
BIT-POSTGRESQL-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...
BIT-LIVEHELPERCHAT-2021-4177
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information...
BIT-LIVEHELPERCHAT-2022-0083
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information...
BIT-AIRFLOW-2023-25695 Information disclosure in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2...
Information disclosure
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs leads to information exposure through error message. The...
CVE-2024-2009
CVE-2024-2009 affects Nway Pro 9, specifically the ajax_login_submit_form function in login/index.php (Argument Handler). The issue stems from manipulation of rsargs[] which exposes information via an error message, with remote attack possibility. Connected documentation consistently states the v...
Nway Pro Security Vulnerability
Nway Pro is a complete personnel and vehicle access control system for the most diverse market segments. A security vulnerability exists in Nway Pro 9, which stems from the fact that incorrect manipulation of the parameter rsargs can lead to the exposure of sensitive information via an error...
The vulnerability of the createRegister method implementation in Apache OFBiz’s enterprise resource planning software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the createRegister method in Apache OFBiz’s enterprise resource planning software lies in the leakage of information in error messages. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
UBUNTU-CVE-2023-52457
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed. Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This wil...
Apache OFBiz createRegister Error Message Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results from outputting an error message that...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-011)
The version of tomcat installed on the remote host is prior to 9.0.50-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-011 advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)
The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory. 2024-02-15: CVE-2021-30640 was added to this advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. A...