| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. |
| OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. |
| The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. |
| txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. |
| An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782. |
| An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481. |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. |
| salt before 2015.5.5 leaks git usernames and passwords to the log. |
| Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. |
| The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. |
| simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. |
| The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. |
| upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. |
| Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. |
| A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. |
| The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). |
| The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. |
