Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3452 | 1 Radactive | 1 I-load | 2018-10-10 | 5.0 MEDIUM | N/A |
| WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. | |||||
| CVE-2009-2274 | 1 Huawei | 1 D100 | 2018-10-10 | 7.8 HIGH | N/A |
| The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents. | |||||
| CVE-2009-2134 | 1 Pivot | 1 Pivot | 2018-10-10 | 5.0 MEDIUM | N/A |
| pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message. | |||||
| CVE-2009-2115 | 1 Skybluecanvas | 1 Skybluecanvas | 2018-10-10 | 6.8 MEDIUM | N/A |
| admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message. | |||||
| CVE-2009-1293 | 1 Novell | 1 Teaming | 2018-10-10 | 5.0 MEDIUM | N/A |
| The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | |||||
| CVE-2009-1289 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2018-10-10 | 4.0 MEDIUM | N/A |
| private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter. | |||||
| CVE-2009-1255 | 1 Memcachedb | 1 Memcached | 2018-10-10 | 5.0 MEDIUM | N/A |
| The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port. | |||||
| CVE-2009-0852 | 1 Stewart Howe | 1 Celerbb | 2018-10-10 | 5.0 MEDIUM | N/A |
| showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. | |||||
| CVE-2009-0678 | 1 Ravenphpscripts | 1 Ravennuke | 2018-10-10 | 5.0 MEDIUM | N/A |
| images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message. | |||||
| CVE-2018-5544 | 1 F5 | 1 Big-ip Access Policy Manager | 2018-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters. | |||||
| CVE-2017-1286 | 1 Ibm | 1 Urbancode Deploy | 2018-10-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147. | |||||
| CVE-2018-15125 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2018-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. | |||||
| CVE-2018-7268 | 3 Apple, Linux, Magnicomp | 3 Mac Os X, Linux Kernel, Sysinfo | 2018-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information such as password hashes (/etc/shadow) or other secrets (such as log files or private keys) can be leaked to the attacker. The vulnerability has a confidentiality impact, but has no direct impact on system integrity or availability. | |||||
| CVE-2017-14085 | 1 Trendmicro | 1 Officescan | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules. | |||||
| CVE-2016-7442 | 1 Sophos | 1 Unified Threat Management Software | 2018-10-09 | 2.1 LOW | 4.4 MEDIUM |
| The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. | |||||
| CVE-2016-7397 | 1 Sophos | 1 Unified Threat Management Software | 2018-10-09 | 2.1 LOW | 4.4 MEDIUM |
| The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. | |||||
| CVE-2016-6231 | 1 Kaspersky | 1 Safe Browser | 2018-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-3996 | 1 Samsung | 1 Knox | 2018-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. | |||||
| CVE-2016-3152 | 1 Barco | 2 Clickshare Csc-1, Clickshare Csc-1 Firmware | 2018-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. | |||||
| CVE-2016-2212 | 1 Magento | 1 Magento | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. | |||||