Total
8275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000135 | 2 Canonical, Gnome | 2 Ubuntu Linux, Networkmanager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. | |||||
| CVE-2017-16068 | 1 Ffmepg Project | 1 Ffmepg | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16596 | 1 Netgain-systems | 1 Enterprise Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119. | |||||
| CVE-2015-1957 | 1 Ibm | 1 Websphere Mq | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
| IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482. | |||||
| CVE-2017-16057 | 1 Nodemssql Project | 1 Nodemssql | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2014-6109 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. | |||||
| CVE-2018-1369 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | |||||
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2024-02-04 | 6.4 MEDIUM | 8.2 HIGH |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | |||||
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2016-0237 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328. | |||||
| CVE-2017-15852 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver. | |||||
| CVE-2018-12437 | 2 Libtom, Linaro | 2 Libtomcrypt, Op-tee | 2024-02-04 | 1.9 LOW | 4.9 MEDIUM |
| LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
| CVE-2018-12990 | 1 Phpwcms | 1 Phpwcms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | |||||
| CVE-2014-5132 | 1 Avolvesoftware | 1 Projectdox | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. | |||||
| CVE-2015-9256 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | |||||
| CVE-2013-7435 | 1 Evergreen-ils | 1 Evergreen | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | |||||
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | |||||
| CVE-2018-10583 | 5 Apache, Canonical, Debian and 2 more | 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | |||||
| CVE-2017-14875 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists. | |||||
| CVE-2017-1000395 | 1 Jenkins | 1 Jenkins | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator. | |||||