Total: 3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-7216 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. |
| CVE-2018-3987 | 1 Rakuten | 1 Viber | 2020-02-14 | 2.1 LOW | 5.5 MEDIUM | An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared in the secret chats, even after the chats are deleted. These photos are stored on the device and accessible to all applications installed on the Android device. |
| CVE-2012-5828 | 1 Blackberry | 2 Playbook, Playbook Firmware | 2020-02-14 | 4.3 MEDIUM | 6.5 MEDIUM | BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error. |
| CVE-2017-18642 | 1 Syska | 2 Smartlight Rainbow Led Smart Bulb, Smartlight Rainbow Led Smart Bulb Firmware | 2020-02-12 | 3.3 LOW | 6.5 MEDIUM | Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. |
| CVE-2013-3564 | 1 Videolan | 1 Vlc Media Player | 2020-02-12 | 5.0 MEDIUM | 5.3 MEDIUM | The web interface in VideoLAN VLC media player before 2.0.7 has no access control, which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. |
| CVE-2012-6341 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2020-02-12 | 4.0 MEDIUM | 6.5 MEDIUM | An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. |
| CVE-2012-1994 | 1 Hp | 1 Systems Insight Manager | 2020-02-11 | 2.7 LOW | 5.7 MEDIUM | HP Systems Insight Manager before 7.0 allows a remote user on an adjacent network to access information. |
| CVE-2019-3797 | 1 Pivotal Software | 1 Spring Data Java Persistence Api | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM | This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the bound parameter values did not have reserved characters properly escaped. |
| CVE-2013-0192 | 1 Simplemachines | 1 Simple Machines Forum | 2020-02-10 | 4.0 MEDIUM | 4.9 MEDIUM | File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: a forum admin can read files such as the database config. |
| CVE-2010-3917 | 1 Google | 1 Chrome | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM | Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. |
| CVE-2014-9127 | 1 Open-school | 1 Open-school | 2020-02-10 | 4.0 MEDIUM | 6.5 MEDIUM | Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. |
| CVE-2013-1631 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM | Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action. |
| CVE-2013-2683 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 5.0 MEDIUM | 5.3 MEDIUM | Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. |
| CVE-2013-4187 | 1 Flippy Project | 1 Flippy | 2020-02-06 | 4.0 MEDIUM | 6.5 MEDIUM | The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. |
| CVE-2014-8328 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM | The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. |
| CVE-2013-2631 | 1 Tinywebgallery | 1 Tinywebgallery | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM | TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. |
| CVE-2014-9481 | 1 Mediawiki | 1 Mediawiki | 2020-02-05 | 4.3 MEDIUM | 5.9 MEDIUM | The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. |
| CVE-2019-4562 | 1 Ibm | 1 Security Directory Server | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM | IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the referer header or browser history. IBM X-Force ID: 166623. |
| CVE-2013-2624 | 1 Telaen Project | 1 Telaen | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM | Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request. |
| CVE-2020-5220 | 1 Sylius | 1 Syliusresourcebundle | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM | Sylius ResourceBundle accepts and uses any serialisation groups passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group; for example, it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 \|\| >=1.3.0 <=1.3.12 \|\| >=1.4.0 <=1.4.5 \|\| >=1.5.0 <=1.5.0 \|\| >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3. |
| CVE-2018-16264 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2020-02-03 | 3.3 LOW | 6.5 MEDIUM | The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. |
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2020-01-30 | 5.0 MEDIUM | 5.3 MEDIUM | The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. |
| CVE-2011-5282 | 1 Mirc | 1 Mirc | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM | mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project that used to be public would be disclosed in the unsubscribe email link of issues and merge requests. |
| CVE-2019-18660 | 5 Canonical, Fedoraproject, Linux and 2 more | 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more | 2020-01-28 | 1.9 LOW | 4.7 MEDIUM | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. |
| CVE-2012-2724 | 1 Md-systems | 1 Simplenews | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM | The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. |
| CVE-2013-4176 | 1 Mysecureshell Project | 1 Mysecureshell | 2020-01-27 | 2.1 LOW | 5.5 MEDIUM | mysecureshell 1.31: Local Information Disclosure Vulnerability. |
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM | An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. |
| CVE-2019-10083 | 1 Apache | 1 Nifi | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM | When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the topmost level, not recursively). The response included details about processors and controller services which the user may not have had read access to. |
| CVE-2017-3211 | 1 Yopify | 1 Yopify | 2020-01-22 | 5.0 MEDIUM | 5.3 MEDIUM | Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. |
| CVE-2014-3753 | 1 1password | 1 1password | 2020-01-21 | 4.3 MEDIUM | 5.5 MEDIUM | AgileBits 1Password through 1.0.9.340 allows security feature bypass. |
| CVE-2014-6275 | 2 Debian, Fusionforge | 2 Debian Linux, Fusionforge | 2020-01-14 | 4.3 MEDIUM | 5.9 MEDIUM | FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server as FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. |
| CVE-2014-5011 | 1 Dompdf Project | 1 Dompdf | 2020-01-13 | 4.3 MEDIUM | 6.5 MEDIUM | DOMPDF before 0.6.2 allows Information Disclosure. |
| CVE-2016-6587 | 1 Symantec | 1 Norton Mobile Security | 2020-01-13 | 2.1 LOW | 5.5 MEDIUM | An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. |
| CVE-2019-4559 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-01-13 | 5.0 MEDIUM | 5.3 MEDIUM | IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355. |
| CVE-2019-17018 | 1 Mozilla | 1 Firefox | 2020-01-13 | 5.0 MEDIUM | 5.3 MEDIUM | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. |
| CVE-2016-5346 | 1 Google | 3 Android, Pixel, Pixel Xl | 2020-01-12 | 2.1 LOW | 5.5 MEDIUM | An Information Disclosure vulnerability exists in the Google Pixel/Pixel XL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). |
| CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2020-01-09 | 2.1 LOW | 5.5 MEDIUM | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable, which exposes the admin password and token value. |
| CVE-2017-16353 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-01-08 | 4.3 MEDIUM | 6.5 MEDIUM | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. |
| CVE-2013-4868 | 1 Karotz | 1 Api | 2020-01-08 | 5.0 MEDIUM | 5.3 MEDIUM | Karotz API 12.07.19.00: Session Token Information Disclosure. |
| CVE-2018-20488 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. |
| CVE-2018-20495 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. |
| CVE-2015-6671 | 1 Edx | 1 Edx-platform | 2020-01-07 | 4.3 MEDIUM | 5.9 MEDIUM | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. |
| CVE-2019-19254 | 1 Gitlab | 1 Gitlab | 2020-01-06 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect Access Control. |
| CVE-2019-19256 | 1 Gitlab | 1 Gitlab | 2020-01-06 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. |
| CVE-2018-1682 | 1 Ibm | 1 Watson Studio Local | 2020-01-03 | 5.0 MEDIUM | 5.3 MEDIUM | IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacker could use in further attacks against the system. IBM X-Force ID: 145238. |
| CVE-2019-5073 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2019-12-27 | 5.0 MEDIUM | 5.3 MEDIUM | An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data being copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. |
| CVE-2016-0777 | 5 Apple, Hp, Openbsd and 2 more | 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more | 2019-12-27 | 4.0 MEDIUM | 6.5 MEDIUM | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
| CVE-2016-5265 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Linux | 2019-12-27 | 4.0 MEDIUM | 5.5 MEDIUM | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. |
| CVE-2019-15580 | 1 Gitlab | 1 Gitlab | 2019-12-27 | 4.0 MEDIUM | 6.5 MEDIUM | An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature: it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. |
