Total
8775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1645 | 1 Cisco | 1 Connected Mobile Experiences | 2024-09-17 | N/A |
| A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks. | ||||
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2024-09-17 | N/A |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | ||||
| CVE-2017-12622 | 1 Apache | 1 Geode | 2024-09-17 | N/A |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. | ||||
| CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
| Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | ||||
| CVE-2011-3719 | 1 Codeigniter | 1 Codeigniter | 2024-09-17 | N/A |
| CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | ||||
| CVE-2018-17956 | 1 Opensuse | 1 Yast2-samba-provision | 2024-09-17 | 7.8 High |
| In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list | ||||
| CVE-2014-2869 | 1 Paperthin | 1 Commonspot Content Server | 2024-09-17 | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information. | ||||
| CVE-2017-3115 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2024-09-17 | N/A |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | ||||
| CVE-2020-4565 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-17 | 5.9 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | ||||
| CVE-2015-8601 | 1 Chat Room Project | 1 Chat Room | 2024-09-17 | N/A |
| The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | ||||
| CVE-2013-6868 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-09-17 | N/A |
| SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-14775 | 1 Laravel | 1 Laravel | 2024-09-17 | N/A |
| Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | ||||
| CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2024-09-17 | N/A |
| A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | ||||
| CVE-2017-11031 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition. | ||||
| CVE-2019-4140 | 1 Ibm | 1 Spectrum Protect | 2024-09-17 | 7.1 High |
| IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. | ||||
| CVE-2011-4895 | 1 Tor | 1 Tor | 2024-09-17 | N/A |
| Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | ||||
| CVE-2017-0823 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. | ||||
| CVE-2017-13157 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341. | ||||
| CVE-2018-2022 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-09-17 | 5.3 Medium |
| IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346. | ||||
| CVE-2017-1116 | 1 Ibm | 1 Campaign | 2024-09-17 | N/A |
| IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154. | ||||