Total
8775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000191 | 1 Jenkins | 1 Synopsys Detect | 2024-09-17 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2012-0690 | 1 Tibco | 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more | 2024-09-17 | N/A |
| TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL. | ||||
| CVE-2018-1874 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
| IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636. | ||||
| CVE-2012-5222 | 2 Hp, Microsoft | 2 Service Manager Web Tier, Windows | 2024-09-17 | N/A |
| HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2018-1663 | 1 Ibm | 1 Datapower Gateway | 2024-09-17 | N/A |
| IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889. | ||||
| CVE-2018-19358 | 1 Gnome | 1 Gnome-keyring | 2024-09-17 | N/A |
| GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket. | ||||
| CVE-2014-9361 | 1 Logintoboggan Project | 1 Logintoboggan | 2024-09-17 | N/A |
| The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. | ||||
| CVE-2012-6543 | 1 Linux | 1 Linux Kernel | 2024-09-17 | N/A |
| The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | ||||
| CVE-2017-13206 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048. | ||||
| CVE-2017-8254 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | ||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2024-09-17 | N/A |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2020-7387 | 1 Sage | 3 Adxadmin, X3, X3 Hr \& Payroll | 2024-09-17 | 5.3 Medium |
| Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor. | ||||
| CVE-2013-4317 | 1 Apache | 1 Cloudstack | 2024-09-17 | N/A |
| In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | ||||
| CVE-2018-10522 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-17 | N/A |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | ||||
| CVE-2018-0018 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2024-09-17 | N/A |
| On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX. | ||||
| CVE-2013-5936 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-09-17 | N/A |
| The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200. | ||||
| CVE-2018-5497 | 1 Netapp | 1 Clustered Data Ontap | 2024-09-17 | N/A |
| Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. | ||||
| CVE-2018-12735 | 1 Saj-electric | 1 Saj Solar Inverter | 2024-09-17 | N/A |
| SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | ||||
| CVE-2017-1756 | 1 Ibm | 3 Business Process Manager, Business Process Manager Enterprise Service Bus, Websphere | 2024-09-17 | N/A |
| IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. | ||||
| CVE-2018-1655 | 1 Ibm | 1 Aix | 2024-09-17 | N/A |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | ||||