CWE-209 flaws
370 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2018-10913 | LOW | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to de | 2.1% |
| CVE-2017-2594 | MEDIUM | hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerE | 2.0% |
| CVE-2018-1073 | MEDIUM | The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allo | 1.9% |
| CVE-2012-0059 | MEDIUM | Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages | 1.6% |
| CVE-2020-15125 | HIGH | Authorization header is not sanitized in an error object in auth0 | 1.5% |
| CVE-2022-2062 | CRITICAL | Generation of Error Message Containing Sensitive Information in nocodb/nocodb | 1.5% |
| CVE-2017-2659 | MEDIUM | It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is | 1.5% |
| CVE-2024-21313 | MEDIUM | Windows TCP/IP Information Disclosure Vulnerability | 1.5% |
| CVE-2023-25956 | HIGH | Apache Airflow AWS Provider: Arbitrary file read via AWS provider | 1.5% |
| CVE-2016-9459 | — | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local | 1.5% |
| CVE-2020-14337 | — | A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthentic | 1.5% |
| CVE-2024-23945 | MEDIUM | Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails | 1.4% |
| CVE-2021-20289 | — | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the | 1.4% |
| CVE-2018-14623 | MEDIUM | A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed S | 1.4% |
| CVE-2017-7551 | — | 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different retur | 1.4% |
| CVE-2023-25695 | MEDIUM | Information disclosure in Apache Airflow | 1.4% |
| CVE-2021-32734 | LOW | File path disclosure of shared files in Nextcloud Text application | 1.4% |
| CVE-2020-25640 | — | A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection err | 1.3% |
| CVE-2021-32766 | MEDIUM | Nextcloud Text app can disclose existence of folders in "File Drop" link share | 1.3% |
| CVE-2022-31023 | MEDIUM | Dev error stack trace leaking into prod in Play Framework | 1.2% |