Total
10330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 5.3 Medium |
| An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | ||||
| CVE-2017-7589 | 1 Openidm Project | 1 Openidm | 2025-04-20 | N/A |
| In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | ||||
| CVE-2014-1677 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2025-04-20 | N/A |
| Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | ||||
| CVE-2017-13852 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. | ||||
| CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | N/A |
| The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | ||||
| CVE-2016-7409 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-20 | N/A |
| The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. | ||||
| CVE-2015-5378 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2025-04-20 | N/A |
| Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | ||||
| CVE-2015-8034 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2017-0413 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. | ||||
| CVE-2016-7579 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. | ||||
| CVE-2016-7600 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. | ||||
| CVE-2017-8666 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability". | ||||
| CVE-2015-7880 | 1 Drupal | 1 Drupal | 2025-04-20 | N/A |
| The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. | ||||
| CVE-2017-11833 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | ||||
| CVE-2017-11850 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2025-04-20 | N/A |
| Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". | ||||
| CVE-2014-8706 | 1 Pluck-cms | 1 Pluck | 2025-04-20 | N/A |
| Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | ||||
| CVE-2014-8675 | 1 Soplanning | 1 Soplanning | 2025-04-20 | N/A |
| Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | ||||
| CVE-2017-5583 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | N/A |
| The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-14603 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-20 | N/A |
| In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. | ||||
| CVE-2017-15110 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. | ||||