Total
8775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3245 | 1 Blackboard | 1 Transact Suite | 2024-09-17 | N/A |
| The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2019-4173 | 1 Ibm | 1 Cognos Controller | 2024-09-17 | 6.5 Medium |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878. | ||||
| CVE-2017-16065 | 1 Openssl.js Project | 1 Openssl.js | 2024-09-17 | N/A |
| openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-0699 | 1 Google | 1 Android | 2024-09-17 | N/A |
| A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809. | ||||
| CVE-2019-11064 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-09-17 | 9.8 Critical |
| A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. | ||||
| CVE-2017-1000234 | 1 I-librarian | 1 I Librarian | 2024-09-17 | N/A |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter | ||||
| CVE-2012-6104 | 1 Moodle | 1 Moodle | 2024-09-17 | N/A |
| blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. | ||||
| CVE-2011-3712 | 1 Cakefoundation | 1 Cakephp | 2024-09-17 | N/A |
| CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files. | ||||
| CVE-2017-7646 | 1 Solarwinds | 1 Log \& Event Manager | 2024-09-17 | N/A |
| SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | ||||
| CVE-2015-9163 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-09-17 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady function, information exposure can occur. | ||||
| CVE-2022-27875 | 1 F5 | 1 Access For Android | 2024-09-17 | 5.5 Medium |
| On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2017-15321 | 1 Huawei | 1 Fusionsphere Openstack | 2024-09-17 | N/A |
| Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | ||||
| CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-09-17 | N/A |
| Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | ||||
| CVE-2021-46778 | 1 Amd | 358 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 355 more | 2024-09-17 | 5.6 Medium |
| Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. | ||||
| CVE-2018-14034 | 1 Hdfgroup | 1 Hdf5 | 2024-09-17 | N/A |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. | ||||
| CVE-2016-10533 | 1 Express-restify-mongoose Project | 1 Express-restify-mongoose | 2024-09-17 | N/A |
| express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes. | ||||
| CVE-2018-17907 | 1 Omron | 1 Cx-supervisor | 2024-09-17 | N/A |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. | ||||
| CVE-2020-15704 | 1 Canonical | 2 Ppp, Ubuntu Linux | 2024-09-17 | 5.5 Medium |
| The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. | ||||
| CVE-2014-8735 | 1 Bad Behavior Project | 1 Bad Behavior | 2024-09-17 | N/A |
| The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file. | ||||
| CVE-2011-3743 | 1 Hesk | 1 Hesk | 2024-09-17 | N/A |
| Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files. | ||||