Total
8775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13204 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237. | ||||
| CVE-2013-2302 | 1 Transware | 1 Active\! Mail | 2024-09-17 | N/A |
| TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. | ||||
| CVE-2013-5136 | 1 Apple | 1 Apple Remote Desktop | 2024-09-17 | N/A |
| Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. | ||||
| CVE-2021-20332 | 1 Mongodb | 1 Rust Driver | 2024-09-17 | 4.2 Medium |
| Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. This issue affects MongoDB Rust Driver version 2.0.0-alpha, MongoDB Rust Driver version 2.0.0-alpha1 and MongoDB Rust Driver version 1.0.0 through to and including 1.2.1 | ||||
| CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2024-09-17 | N/A |
| OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. | ||||
| CVE-2017-13240 | 1 Google | 1 Android | 2024-09-17 | N/A |
| A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819. | ||||
| CVE-2017-8980 | 1 Hp | 1 Intelligent Management Center | 2024-09-17 | N/A |
| A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
| CVE-2018-1505 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2024-09-17 | N/A |
| IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | ||||
| CVE-2017-15517 | 1 Netapp | 1 Altavault Ost Plug-in | 2024-09-17 | N/A |
| AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. | ||||
| CVE-2014-9156 | 1 Filefield Project | 1 Filefield | 2024-09-17 | N/A |
| The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. | ||||
| CVE-2021-40340 | 1 Hitachi | 1 Linkone | 2024-09-17 | 3.7 Low |
| Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | ||||
| CVE-2018-16710 | 1 Octoprint | 1 Octoprint | 2024-09-17 | N/A |
| OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough. | ||||
| CVE-2011-3772 | 1 Php-collab | 1 Phpcollab | 2024-09-17 | N/A |
| phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files. | ||||
| CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2024-09-17 | N/A |
| The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | ||||
| CVE-2011-2042 | 1 Cisco | 1 Ciscoworks Common Services | 2024-09-17 | N/A |
| The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018. | ||||
| CVE-2011-3809 | 1 Thehostingtool | 1 Thehostingtool | 2024-09-17 | N/A |
| TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. | ||||
| CVE-2018-8024 | 2 Apache, Mozilla | 2 Spark, Firefox | 2024-09-17 | N/A |
| In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not. | ||||
| CVE-2010-3979 | 1 Sap | 1 Businessobjects | 2024-09-17 | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | ||||
| CVE-2011-5067 | 1 Sitracker | 1 Support Incident Tracker | 2024-09-17 | N/A |
| move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | ||||
| CVE-2017-1774 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-09-17 | N/A |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818. | ||||