Total: 8775 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-3646 | 2 Intel, Redhat | 16 Core I3, Core I5, Core I7 and 13 more | 2024-09-17 | N/A |
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | ||||
CVE-2019-11294 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-09-17 | 4.3 Medium |
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | ||||
CVE-2017-12543 | 1 Hp | 5 Integrated Lights-out, Integrated Lights-out 2 Firmware, Integrated Lights-out 3 Firmware and 2 more | 2024-09-17 | N/A |
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. | ||||
CVE-2015-9256 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-09-17 | N/A |
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | ||||
CVE-2011-3813 | 1 Vwar | 1 Virtual War | 2024-09-17 | N/A |
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files. | ||||
CVE-2017-14114 | 1 Rtpproxy | 1 Rtpproxy | 2024-09-17 | N/A |
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. | ||||
CVE-2018-1587 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2024-09-17 | N/A |
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500. | ||||
CVE-2013-1140 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2024-09-17 | N/A |
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. | ||||
CVE-2018-1614 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | N/A |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | ||||
CVE-2012-3829 | 1 Joomla | 1 Joomla! | 2024-09-17 | N/A |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | ||||
CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2024-09-17 | N/A |
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | ||||
CVE-2017-2294 | 1 Puppet | 1 Puppet Enterprise | 2024-09-17 | N/A |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore. | ||||
CVE-2018-1323 | 2 Apache, Redhat | 2 Tomcat Jk Connector, Jboss Core Services | 2024-09-17 | N/A |
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. | ||||
CVE-2019-4349 | 1 Ibm | 1 Maximo Anywhere | 2024-09-17 | 3.5 Low |
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486 | ||||
CVE-2013-0284 | 1 Newrelic | 1 Ruby Agent | 2024-09-17 | N/A |
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data. | ||||
CVE-2016-0238 | 1 Ibm | 1 Security Guardium | 2024-09-17 | N/A |
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 | ||||
CVE-2012-3996 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-09-17 | N/A |
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | ||||
CVE-2018-20571 | 1 Damicms | 1 Damicms | 2024-09-17 | N/A |
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | ||||
CVE-2020-14183 | 1 Atlassian | 1 Jira | 2024-09-17 | 4.3 Medium |
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1. | ||||
CVE-2020-26869 | 1 Pcvuesolutions | 1 Pcvue | 2024-09-17 | 7.5 High |
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. |