Vulnerabilities > Information Exposure Through an Error Message

DATE CVE VULNERABILITY TITLE RISK
2018-10-15 CVE-2018-17961 Information Exposure Through an Error Message vulnerability in multiple products
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup.
local
low complexity
artifex debian canonical redhat CWE-209
8.6
2018-08-03 CVE-2018-14925 Information Exposure Through an Error Message vulnerability in Matera Banco 1.0.0
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
network
low complexity
matera CWE-209
critical
9.8
2018-08-03 CVE-2018-14907 Information Exposure Through an Error Message vulnerability in 3CX web Server 15.5.8801.3
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
network
low complexity
3cx CWE-209
5.3
2018-07-18 CVE-2018-8042 Information Exposure Through an Error Message vulnerability in Apache Ambari
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services.
network
high complexity
apache CWE-209
8.1
2018-05-22 CVE-2018-11325 Information Exposure Through an Error Message vulnerability in Joomla Joomla!
An issue was discovered in Joomla! Core before 3.8.8.
network
low complexity
joomla CWE-209
critical
9.8
2018-02-14 CVE-2018-2379 Information Exposure Through an Error Message vulnerability in SAP Hana Extended Application Services 1.0
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
network
low complexity
sap CWE-209
6.5
2017-07-31 CVE-2017-1370 Information Exposure Through an Error Message vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page.
network
low complexity
ibm CWE-209
4.9
2017-04-29 CVE-2017-7945 Information Exposure Through an Error Message vulnerability in Paloaltonetworks Pan-Os
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
network
low complexity
paloaltonetworks CWE-209
critical
9.8