Total
8699 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2024-09-17 | N/A |
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. | ||||
CVE-2018-1999046 | 1 Jenkins | 1 Jenkins | 2024-09-17 | N/A |
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent. | ||||
CVE-2018-3646 | 2 Intel, Redhat | 16 Core I3, Core I5, Core I7 and 13 more | 2024-09-17 | N/A |
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | ||||
CVE-2019-11294 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-09-17 | 4.3 Medium |
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | ||||
CVE-2022-20811 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-09-17 | 5.5 Medium |
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2017-12543 | 1 Hp | 5 Integrated Lights-out, Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware and 2 more | 2024-09-17 | N/A |
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | ||||
CVE-2015-9256 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-09-17 | N/A |
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | ||||
CVE-2011-3813 | 1 Vwar | 1 Virtual War | 2024-09-17 | N/A |
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. | ||||
CVE-2017-14114 | 1 Rtpproxy | 1 Rtpproxy | 2024-09-17 | N/A |
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. | ||||
CVE-2018-1587 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2024-09-17 | N/A |
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500. | ||||
CVE-2013-1140 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2024-09-17 | N/A |
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. | ||||
CVE-2018-1614 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | N/A |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | ||||
CVE-2012-3829 | 1 Joomla | 1 Joomla\! | 2024-09-17 | N/A |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | ||||
CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2024-09-17 | N/A |
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | ||||
CVE-2017-2294 | 1 Puppet | 1 Puppet Enterprise | 2024-09-17 | N/A |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore. | ||||
CVE-2018-1323 | 2 Apache, Redhat | 2 Tomcat Jk Connector, Jboss Core Services | 2024-09-17 | N/A |
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. | ||||
CVE-2019-4349 | 1 Ibm | 1 Maximo Anywhere | 2024-09-17 | 3.5 Low |
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service. IBM X-Force ID: 161486 | ||||
CVE-2013-0284 | 1 Newrelic | 1 Ruby Agent | 2024-09-17 | N/A |
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data. | ||||
CVE-2016-0238 | 1 Ibm | 1 Security Guardium | 2024-09-17 | N/A |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 | ||||
CVE-2012-3996 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-09-17 | N/A |
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. |