Total: 8274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1392 | 1 Ibm | 1 Financial Transaction Manager | 2024-02-04 | 3.5 LOW | 3.1 LOW |
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377. | |||||
CVE-2013-4317 | 1 Apache | 1 Cloudstack | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | |||||
CVE-2018-10198 | 1 Otrs | 1 Otrs | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. | |||||
CVE-2017-15713 | 1 Apache | 1 Hadoop | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. | |||||
CVE-2016-8220 | 1 Pivotal Software | 1 Gemfire | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route. | |||||
CVE-2018-1000186 | 1 Jenkins | 1 Github Pull Request Builder | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2018-7668 | 1 Testlink | 1 Testlink | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | |||||
CVE-2015-9123 | 1 Qualcomm | 74 Fsm9055, Fsm9055 Firmware, Ipq4019 and 71 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, code to zeroize AES key could be compiled out by compiler which could potentially result in information disclosure. | |||||
CVE-2018-0839 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763. | |||||
CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | |||||
CVE-2017-1784 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858. | |||||
CVE-2017-16769 | 1 Synology | 1 Photo Station | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. | |||||
CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2018-1614 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. | |||||
CVE-2018-1464 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395. | |||||
CVE-2018-10652 | 1 Citrix | 1 Xenmobile Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | |||||
CVE-2018-4137 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement. | |||||
CVE-2017-16592 | 1 Netgain-systems | 1 Enterprise Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103. | |||||
CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
CVE-2018-1322 | 1 Apache | 1 Syncope | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x, which may also be affected, can recover sensitive security values using the fiql and orderby parameters. |