Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1381 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | |||||
| CVE-2019-1402 | 1 Microsoft | 2 Office, Office 365 | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | |||||
| CVE-2008-5083 | 1 Redhat | 1 Jboss Operations Network | 2019-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | |||||
| CVE-2019-1369 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1370 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1324 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | |||||
| CVE-2019-1374 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2019-1446 | 1 Microsoft | 7 Excel, Excel Services, Office and 4 more | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-13557 | 1 Philips | 2 Tasy Emr, Tasy Webportal | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | |||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | |||||
| CVE-2019-1439 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2019-1436 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | |||||
| CVE-2019-1440 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. | |||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dump Servlet information leak in jetty before 6.1.22. | |||||
| CVE-2019-4412 | 1 Ibm | 1 Cognos Controller | 2019-11-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. | |||||
| CVE-2011-4901 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | |||||
| CVE-2011-4627 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | |||||
| CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2019-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.5.4 allows Information Disclosure in the backend. | |||||
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2019-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | |||||
| CVE-2014-0153 | 1 Ovirt | 1 Ovirt | 2019-11-06 | 4.3 MEDIUM | N/A |
| The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page. | |||||
| CVE-2013-4518 | 1 Redhat | 2 Enterprise Linux, Update Infrastructure | 2019-11-06 | 2.1 LOW | 5.5 MEDIUM |
| RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates | |||||
| CVE-2018-19854 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-11-06 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). | |||||
| CVE-2019-17671 | 1 Wordpress | 1 Wordpress | 2019-11-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | |||||
| CVE-2013-4110 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cryptocat has an Unspecified Chat Participant User List Disclosure | |||||
| CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | |||||
| CVE-2013-2261 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure | |||||
| CVE-2013-4105 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure | |||||
| CVE-2013-2262 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat strophe.js before 2.0.22 has information disclosure | |||||
| CVE-2013-2600 | 2 Debian, Miniupnp Project | 2 Debian Linux, Miniupnpd | 2019-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| MiniUPnPd has information disclosure use of snprintf() | |||||
| CVE-2019-16908 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2019-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | |||||
| CVE-2010-2783 | 1 Redhat | 1 Icedtea6 | 2019-11-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | |||||
| CVE-2018-1732 | 1 Ibm | 1 Qradar Advisor With Watson | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810. | |||||
| CVE-2019-17321 | 1 Clipsoft | 1 Rexpert | 2019-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required. | |||||
| CVE-2019-6849 | 1 Schneider-electric | 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. | |||||
| CVE-2019-6850 | 1 Schneider-electric | 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. | |||||
| CVE-2019-18611 | 1 Mediawiki | 1 Checkuser | 2019-10-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. | |||||
| CVE-2019-18612 | 1 Mediawiki | 1 Abusefilter | 2019-10-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. | |||||
| CVE-2012-0046 | 1 Mediawiki | 1 Mediawiki | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| mediawiki allows deleted text to be exposed | |||||
| CVE-2019-4397 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2019-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239 | |||||
| CVE-2013-4856 | 1 D-link | 2 Dir-865l, Dir-865l Firmware | 2019-10-29 | 2.9 LOW | 6.5 MEDIUM |
| D-Link DIR-865L has Information Disclosure. | |||||
| CVE-2017-16355 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2019-10-28 | 1.2 LOW | 4.7 MEDIUM |
| In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | |||||
| CVE-2011-1015 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | |||||
| CVE-2017-8087 | 1 Avm | 2 Fritz\!box 7490, Fritz\!os | 2019-10-24 | 2.1 LOW | 2.4 LOW |
| Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. | |||||
| CVE-2014-8775 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 5.0 MEDIUM | N/A |
| MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2019-12708 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device. | |||||
| CVE-2013-7400 | 1 Dkd | 1 Direct Mail | 2019-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | |||||
| CVE-2015-9488 | 1 Almera Responsive Portfolio Site Template Project | 1 Almera Responsive Portfolio Site Template | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9487 | 1 Almera Responsive Portfolio Project | 1 Almera Responsive Portfolio | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9489 | 1 Goodnex Premium Responsive Project | 1 Goodnex Premium Responsive | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9491 | 1 Blessing Premium Responsive Project | 1 Blessing Premium Responsive | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||