Vulnerabilities (CVE)

Filtered by CWE-200
Total 8279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-9530 1 Qodeinteractive 1 Qi Addons For Elementor 2024-10-25 N/A 4.3 MEDIUM
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
CVE-2024-10050 2024-10-25 N/A 4.3 MEDIUM
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.
CVE-2024-35178 2 Jupyter, Microsoft 2 Jupyter Server, Windows 2024-10-24 N/A 7.5 HIGH
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.
CVE-2024-0472 1 Code-projects 1 Dormitory Management System 2024-10-24 2.7 LOW 7.5 HIGH
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability.
CVE-2019-5591 1 Fortinet 1 Fortios 2024-10-24 3.3 LOW 6.5 MEDIUM
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
CVE-2024-23562 1 Hcltech 1 Domino 2024-10-23 N/A 7.5 HIGH
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system.
CVE-2016-5265 2 Mozilla, Oracle 2 Firefox, Linux 2024-10-22 4.0 MEDIUM 5.5 MEDIUM
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.
CVE-2016-2830 1 Mozilla 1 Firefox 2024-10-22 4.3 MEDIUM 4.3 MEDIUM
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
CVE-2015-4478 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2024-10-22 5.0 MEDIUM N/A
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.
CVE-2015-7214 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2024-10-22 5.0 MEDIUM N/A
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
CVE-2015-4519 1 Mozilla 1 Firefox 2024-10-22 4.3 MEDIUM N/A
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.
CVE-2016-1526 4 Debian, Fedoraproject, Mozilla and 1 more 5 Debian Linux, Fedora, Firefox and 2 more 2024-10-22 5.8 MEDIUM 8.1 HIGH
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
CVE-2012-1945 1 Mozilla 4 Firefox, Seamonkey, Thunderbird and 1 more 2024-10-21 2.9 LOW N/A
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
CVE-2012-3972 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-10-21 5.0 MEDIUM N/A
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.
CVE-2013-0748 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-10-21 4.3 MEDIUM N/A
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.
CVE-2012-3976 5 Canonical, Mozilla, Opensuse and 2 more 12 Ubuntu Linux, Firefox, Seamonkey and 9 more 2024-10-21 4.3 MEDIUM N/A
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
CVE-2018-12365 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2024-10-21 4.3 MEDIUM 6.5 MEDIUM
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVE-2012-0456 1 Mozilla 4 Firefox, Seamonkey, Thunderbird and 1 more 2024-10-21 5.0 MEDIUM N/A
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
CVE-2015-0822 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-10-21 4.3 MEDIUM N/A
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
CVE-2024-0716 1 Byzoro 2 Smart S150, Smart S150 Firmware 2024-10-21 2.1 LOW 5.3 MEDIUM
A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.