A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
CWE-209
CVE-2020-16128
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
CVE-2020-16121
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
CVE-2020-15794
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.
CVE-2020-15666
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2020-15478
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.