Total
8776 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18192 | 1 Photo\,video Locker-calculator Project | 1 Photo\,video Locker-calculator | 2024-09-16 | N/A |
| smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN. | ||||
| CVE-2017-1162 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-09-16 | N/A |
| IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | ||||
| CVE-2019-1908 | 1 Cisco | 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more | 2024-09-16 | 7.5 High |
| A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. | ||||
| CVE-2017-8684 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-09-16 | N/A |
| Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. | ||||
| CVE-2017-8708 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-09-16 | N/A |
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. | ||||
| CVE-2017-1086 | 1 Freebsd | 1 Freebsd | 2024-09-16 | N/A |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace. | ||||
| CVE-2018-1470 | 1 Ibm | 1 Sterling File Gateway | 2024-09-16 | N/A |
| IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. | ||||
| CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2024-09-16 | N/A |
| Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | ||||
| CVE-2018-6846 | 1 Zblogcn | 1 Z-blogphp | 2024-09-16 | N/A |
| Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. | ||||
| CVE-2016-9700 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-09-16 | N/A |
| IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. | ||||
| CVE-2017-8516 | 1 Microsoft | 1 Sql Server | 2024-09-16 | 7.5 High |
| Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". | ||||
| CVE-2015-8232 | 1 Uc Profile Project | 1 Uc Profile | 2024-09-16 | N/A |
| The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors. | ||||
| CVE-2013-1829 | 1 Moodle | 1 Moodle | 2024-09-16 | N/A |
| calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role. | ||||
| CVE-2018-1393 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-16 | N/A |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. | ||||
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-09-16 | 5 Medium |
| An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | ||||
| CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-09-16 | N/A |
| Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
| CVE-2018-0855 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-09-16 | N/A |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761. | ||||
| CVE-2011-3823 | 1 Yamamah | 1 Yamamah | 2024-09-16 | N/A |
| Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files. | ||||
| CVE-2017-8952 | 1 Hp | 1 Sitescope | 2024-09-16 | N/A |
| A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. | ||||
| CVE-2017-0785 | 1 Google | 1 Android | 2024-09-16 | N/A |
| A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | ||||