Vulnerabilities (CVE)

Filtered by CWE-200
Total 8278 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1697 1 Ibm 1 Maximo Asset Management 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
CVE-2018-16524 1 Amazon 2 Amazon Web Services Freertos, Freertos 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.
CVE-2018-14079 1 Wi2be 2 Smart Hp, Smart Hp Wmt 2024-02-04 5.0 MEDIUM 7.5 HIGH
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.
CVE-2016-6546 1 Kkmcn 1 Itrackeasy 2024-02-04 2.1 LOW 7.8 HIGH
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.
CVE-2018-6262 1 Nvidia 1 Geforce Experience 2024-02-04 1.9 LOW 2.5 LOW
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.
CVE-2016-10727 2 Canonical, Gnome 2 Ubuntu Linux, Evolution 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
CVE-2018-1000803 1 Gitea 1 Gitea 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.
CVE-2018-6066 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-1685 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2024-02-04 4.9 MEDIUM 5.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.
CVE-2018-14696 1 Drobo 2 5n2, 5n2 Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.
CVE-2018-15684 1 Btiteam 1 Xbtit 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data.
CVE-2018-1644 1 Ibm 1 Websphere Commerce 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
CVE-2018-16889 1 Redhat 1 Ceph 2024-02-04 5.0 MEDIUM 7.5 HIGH
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
CVE-2018-16883 1 Fedoraproject 1 Sssd 2024-02-04 2.1 LOW 5.5 MEDIUM
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2018-6079 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2017-14443 1 Insteon 2 Hub 2245-222, Hub 2245-222 Firmware 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.
CVE-2018-18644 1 Gitlab 1 Gitlab 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.
CVE-2017-9000 1 Hp 1 Arubaos 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.
CVE-2018-18657 1 Arcserve 1 Udp 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
CVE-2018-16539 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.