Total
8775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7506 | 1 Moxa | 1 Mxview | 2024-09-17 | N/A |
| The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. | ||||
| CVE-2018-1950 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-09-17 | N/A |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430. | ||||
| CVE-2017-9149 | 1 Metadata Anonymisation Toolkit Project | 1 Metadata Anonymisation Toolkit | 2024-09-17 | N/A |
| Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. | ||||
| CVE-2017-11510 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-09-17 | N/A |
| An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | ||||
| CVE-2017-9680 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. | ||||
| CVE-2017-11835 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-09-17 | N/A |
| Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | ||||
| CVE-2018-14803 | 1 Philips | 2 E-alert, E-alert Firmware | 2024-09-17 | N/A |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | ||||
| CVE-2020-5331 | 1 Rsa | 1 Archer | 2024-09-17 | 8.8 High |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | ||||
| CVE-2016-2970 | 1 Ibm | 1 Sametime | 2024-09-17 | N/A |
| IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | ||||
| CVE-2011-3697 | 1 Achievo | 1 Achievo | 2024-09-17 | N/A |
| Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraph_radar.php and certain other files. | ||||
| CVE-2012-5182 | 1 Naver | 1 Loctouch | 2024-09-17 | N/A |
| The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | ||||
| CVE-2011-4850 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2024-09-17 | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. | ||||
| CVE-2017-3892 | 1 Blackberry | 1 Qnx Software Development Platform | 2024-09-17 | N/A |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | ||||
| CVE-2009-4303 | 1 Moodle | 1 Moodle | 2024-09-17 | N/A |
| Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | ||||
| CVE-2017-13201 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768. | ||||
| CVE-2013-1814 | 1 Apache | 1 Rave | 2024-09-17 | N/A |
| The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. | ||||
| CVE-2017-1342 | 1 Ibm | 1 Insights Foundation For Energy | 2024-09-17 | N/A |
| IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457. | ||||
| CVE-2008-7146 | 1 Intralearn | 1 Intralearn | 2024-09-17 | N/A |
| IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | ||||
| CVE-2011-3802 | 1 Status | 1 Statusnet | 2024-09-17 | N/A |
| StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. | ||||
| CVE-2018-6921 | 1 Freebsd | 1 Freebsd | 2024-09-17 | N/A |
| In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | ||||