Filtered by CWE-200
Total 8775 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-3735 1 Escortwebsitedesign 1 Escort-agency-cms 2024-09-17 N/A
Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files.
CVE-2020-10264 1 Universal-robots 7 Ur10, Ur10e, Ur3 and 4 more 2024-09-17 8.8 High
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible
CVE-2020-4186 1 Ibm 1 Security Guardium 2024-09-17 5.3 Medium
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
CVE-2018-18289 1 Mesilat 1 Zabbix 2024-09-17 N/A
The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.
CVE-2018-14785 1 Netcommwireless 2 Nwl-25, Nwl-25 Firmware 2024-09-17 N/A
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.
CVE-2017-0669 1 Google 1 Android 2024-09-17 N/A
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.
CVE-2012-6536 1 Linux 1 Linux Kernel 2024-09-17 N/A
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
CVE-2021-26566 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2024-09-17 8.3 High
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
CVE-2018-1949 1 Ibm 1 Security Identity Governance And Intelligence 2024-09-17 N/A
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.
CVE-2018-1388 1 Ibm 1 Websphere Mq 2024-09-17 N/A
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
CVE-2018-1334 1 Apache 1 Spark 2024-09-17 N/A
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
CVE-2018-18487 1 Gxlcms 1 Gxlcms 2024-09-17 N/A
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
CVE-2018-0763 1 Microsoft 2 Edge, Windows 10 2024-09-17 N/A
Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0839.
CVE-2020-12777 1 Combodo 1 Itop 2024-09-17 7.5 High
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2017-1765 1 Ibm 2 Business Process Manager, Business Process Manager Enterprise Service Bus 2024-09-17 N/A
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.
CVE-2017-16064 1 Node-openssl Project 1 Node-openssl 2024-09-17 N/A
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2011-1416 1 Rim 2 Blackberry Torch 9800, Blackberry Torch 9800 Firmware 2024-09-17 N/A
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
CVE-2019-1877 1 Cisco 1 Enterprise Chat And Email 2024-09-17 6.5 Medium
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1.
CVE-2010-2612 1 Hp 2 Openvms, Openvms For Integrity Servers 2024-09-17 N/A
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.
CVE-2011-3793 1 Lucidcrew 1 Pixie 2024-09-17 N/A
Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files.