Total: 7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7216 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. | |||||
| CVE-2017-5583 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2020-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | |||||
| CVE-2012-6590 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | N/A |
| The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. | |||||
| CVE-2018-3987 | 1 Rakuten | 1 Viber | 2020-02-14 | 2.1 LOW | 5.5 MEDIUM |
| An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device. | |||||
| CVE-2012-5828 | 1 Blackberry | 2 Playbook, Playbook Firmware | 2020-02-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error. | |||||
| CVE-2014-7863 | 1 Zohocorp | 3 Manageengine Applications Manager, Manageengine It360, Manageengine Opmanager | 2020-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | |||||
| CVE-2017-18642 | 1 Syska | 2 Smartlight Rainbow Led Smart Bulb, Smartlight Rainbow Led Smart Bulb Firmware | 2020-02-12 | 3.3 LOW | 6.5 MEDIUM |
| Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks. | |||||
| CVE-2013-3564 | 1 Videolan | 1 Vlc Media Player | 2020-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | |||||
| CVE-2012-6341 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2020-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340. | |||||
| CVE-2013-2676 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. | |||||
| CVE-2012-1994 | 1 Hp | 1 Systems Insight Manager | 2020-02-11 | 2.7 LOW | 5.7 MEDIUM |
| HP Systems Insight Manager before 7.0 allows a remote user on an adjacent network to access information. | |||||
| CVE-2019-3797 | 1 Pivotal Software | 1 Spring Data Java Persistence Api | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly. | |||||
| CVE-2019-3868 | 1 Redhat | 1 Keycloak | 2020-02-10 | 5.5 MEDIUM | 3.8 LOW |
| Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session. | |||||
| CVE-2006-4595 | 1 Muforum | 1 Muforum | 2020-02-10 | 5.0 MEDIUM | N/A |
| muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes. | |||||
| CVE-2005-2036 | 1 Cool Cafe Chat | 1 Cool Cafe Chat | 2020-02-10 | 7.5 HIGH | N/A |
| modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value. | |||||
| CVE-2013-0192 | 1 Simplemachines | 1 Simple Machines Forum | 2020-02-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. | |||||
| CVE-2013-4166 | 2 Gnome, Redhat | 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | |||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2014-9127 | 1 Open-school | 1 Open-school | 2020-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. | |||||
| CVE-2013-1631 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action. | |||||
| CVE-2013-2683 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. | |||||
| CVE-2013-0291 | 1 Imagely | 1 Nextgen Gallery | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | |||||
| CVE-2013-4187 | 1 Flippy Project | 1 Flippy | 2020-02-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. | |||||
| CVE-2014-8328 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. | |||||
| CVE-2013-2631 | 1 Tinywebgallery | 1 Tinywebgallery | 2020-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. | |||||
| CVE-2013-2674 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. | |||||
| CVE-2016-4676 | 1 Apple | 2 Mac Os X, Safari | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | |||||
| CVE-2011-4088 | 3 Abrt Project, Fedoraproject, Redhat | 5 Abrt, Fedora, Enterprise Linux Desktop and 2 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| ABRT might allow attackers to obtain sensitive information from crash reports. | |||||
| CVE-2014-9481 | 1 Mediawiki | 1 Mediawiki | 2020-02-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | |||||
| CVE-2011-4937 | 1 Joomla | 1 Joomla! | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla! 1.7.1 has core information disclosure due to inadequate error checking. | |||||
| CVE-2019-4562 | 1 Ibm | 1 Security Directory Server | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623. | |||||
| CVE-2013-2624 | 1 Telaen Project | 1 Telaen | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request. | |||||
| CVE-2020-5220 | 1 Sylius | 1 Syliusresourcebundle | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sylius ResourceBundle accepts and uses any serialisation groups to be passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3. | |||||
| CVE-2018-16264 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2020-02-03 | 3.3 LOW | 6.5 MEDIUM |
| The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2013-2499 | 1 Simplehrm | 1 Simplehrm | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie. | |||||
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2020-01-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | |||||
| CVE-2018-16269 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-9852 | 1 Gxlcms | 1 Gxlcms Qy | 2020-01-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23. | |||||
| CVE-2011-5282 | 1 Mirc | 1 Mirc | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. | |||||
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | |||||
| CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||
| CVE-2013-1594 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. | |||||
| CVE-2019-18660 | 5 Canonical, Fedoraproject, Linux and 2 more | 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more | 2020-01-28 | 1.9 LOW | 4.7 MEDIUM |
| The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | |||||
| CVE-2012-2724 | 1 Md-systems | 1 Simplenews | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. | |||||
| CVE-2011-3613 | 1 Vanillaforums | 1 Vanilla | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | |||||
| CVE-2013-4176 | 1 Mysecureshell Project | 1 Mysecureshell | 2020-01-27 | 2.1 LOW | 5.5 MEDIUM |
| mysecureshell 1.31: Local Information Disclosure Vulnerability | |||||
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | |||||
| CVE-2019-10083 | 1 Apache | 1 Nifi | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to. | |||||
| CVE-2017-3211 | 1 Yopify | 1 Yopify | 2020-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. | |||||
