Total
8274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5407 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
CVE-2016-10234 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. | |||||
CVE-2018-9014 | 1 Dsmall Project | 1 Dsmall | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | |||||
CVE-2017-8985 | 1 Hp | 1 Xp Storage Hitachi Global Link Manager | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00. | |||||
CVE-2017-16079 | 1 Smb Project | 1 Smb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-5454 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-7633 | 1 Qnap | 1 Qfinder Pro | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. | |||||
CVE-2018-7209 | 1 Idashboards | 1 Idashboards | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports. | |||||
CVE-2016-10530 | 1 Airbrake | 1 Airbrake | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS. | |||||
CVE-2017-13239 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132. | |||||
CVE-2018-1000142 | 1 Jenkins | 1 Github Pull Request Builder | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | |||||
CVE-2016-9074 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
CVE-2018-1200 | 1 Pivotal Software | 1 Pivotal Application Service | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links. | |||||
CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | |||||
CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2015-0152 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | |||||
CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
CVE-2018-6460 | 1 Anchorfree | 1 Hotspot Shield | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. | |||||
CVE-2018-1306 | 1 Apache | 1 Pluto | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information. | |||||
CVE-2018-1387 | 1 Ibm | 3 Application Performance Management, Cloud Apm Data Collector, Monitoring | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access the database of this product. IBM X-Force ID: 138210. |