Total: 8775 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7272 | 1 Forgerock | 1 Access Management | 2024-09-17 | N/A |
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file. | ||||
CVE-2017-1355 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2024-09-17 | N/A |
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. | ||||
CVE-2017-11761 | 1 Microsoft | 1 Exchange Server | 2024-09-17 | N/A |
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" | ||||
CVE-2017-9794 | 1 Apache | 1 Geode | 2024-09-17 | N/A |
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | ||||
CVE-2009-4298 | 1 Moodle | 1 Moodle | 2024-09-17 | N/A |
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | ||||
CVE-2017-8944 | 1 Hp | 1 Cloud Optimizer | 2024-09-17 | N/A |
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found. | ||||
CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2024-09-17 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | ||||
CVE-2016-10519 | 1 Webtorrent | 1 Bittorrent-dht | 2024-09-17 | N/A |
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. | ||||
CVE-2022-40194 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2024-09-17 | 5.3 Medium |
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress | ||||
CVE-2018-1000609 | 1 Jenkins | 1 Configuration As Code | 2024-09-17 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | ||||
CVE-2018-13868 | 1 Hdfgroup | 1 Hdf5 | 2024-09-17 | N/A |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. | ||||
CVE-2017-9393 | 1 Ca | 2 Identity Manager, Identity Manager Virtual Appliance | 2024-09-17 | N/A |
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | ||||
CVE-2017-1785 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | ||||
CVE-2012-2327 | 1 Mybb | 1 Mybb | 2024-09-17 | N/A |
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. | ||||
CVE-2009-4629 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2024-09-17 | N/A |
Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. | ||||
CVE-2018-4835 | 1 Siemens | 1 Telecontrol Server Basic | 2024-09-17 | N/A |
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. | ||||
CVE-2012-2387 | 1 Debian | 1 Devotee | 2024-09-17 | N/A |
devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. | ||||
CVE-2017-1229 | 1 Ibm | 1 Bigfix Platform | 2024-09-17 | N/A |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908. | ||||
CVE-2018-1886 | 1 Ibm | 1 Security Access Manager | 2024-09-17 | N/A |
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021. | ||||
CVE-2018-0879 | 1 Microsoft | 2 Edge, Windows 10 | 2024-09-17 | N/A |
Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | ||||