Total
8780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16977 | 1 Monstra | 1 Monstra | 2024-09-16 | N/A |
| Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. | ||||
| CVE-2012-1607 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
| The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | ||||
| CVE-2011-0244 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-09-16 | N/A |
| WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. | ||||
| CVE-2018-12433 | 1 Cryptlib | 1 Cryptlib | 2024-09-16 | 4.9 Medium |
| cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model | ||||
| CVE-2018-3640 | 2 Arm, Intel | 199 Cortex-a, Atom C, Atom E and 196 more | 2024-09-16 | N/A |
| Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. | ||||
| CVE-2011-3744 | 1 Htmlpurifier | 1 Html Purifier | 2024-09-16 | N/A |
| HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files. | ||||
| CVE-2017-16770 | 1 Synology | 1 Surveillance Station | 2024-09-16 | N/A |
| File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | ||||
| CVE-2011-3738 | 1 Fengoffice | 1 Feng Office | 2024-09-16 | N/A |
| Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | ||||
| CVE-2017-1333 | 1 Ibm | 1 Openpages Grc Platform | 2024-09-16 | N/A |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. | ||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2024-09-16 | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | ||||
| CVE-2022-23158 | 1 Dell | 1 Wyse Device Agent | 2024-09-16 | 6 Medium |
| Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | ||||
| CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2024-09-16 | 6.5 Medium |
| The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | ||||
| CVE-2012-4976 | 1 Layton Technology | 1 Helpbox | 2024-09-16 | N/A |
| selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. | ||||
| CVE-2020-29075 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 7.1 High |
| Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. | ||||
| CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
| Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | ||||
| CVE-2015-7305 | 1 Ows | 1 Scald | 2024-09-16 | N/A |
| The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context." | ||||
| CVE-2011-3747 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
| Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. | ||||
| CVE-2013-1185 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2024-09-16 | N/A |
| The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. | ||||
| CVE-2017-1497 | 1 Ibm | 1 Sterling File Gateway | 2024-09-16 | N/A |
| IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | ||||
| CVE-2020-13597 | 1 Projectcalico | 1 Calico | 2024-09-16 | 6 Medium |
| Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod. | ||||