Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10055 | 1 Qualcomm | 4 Sd 400, Sd 400 Firmware, Sd 800 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's.
|
|||||
| CVE-2014-10047 | 1 Qualcomm | 4 Sd 400, Sd 400 Firmware, Sd 800 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur.
|
|||||
| CVE-2014-0912 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072.
|
|||||
| CVE-2014-0882 | 1 Ibm | 16 Flex System Manager 7955, Flex System Manager 8731, Flex System X220 and 13 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
|
|||||
| CVE-2014-0872 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 1.5 LOW | 4.1 MEDIUM |
|
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
|
|||||
| CVE-2014-0242 | 1 Modwsgi | 1 Mod Wsgi | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
|
|||||
| CVE-2013-7435 | 1 Evergreen-ils | 1 Evergreen | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
|
|||||
| CVE-2013-7203 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
|
|||||
| CVE-2013-7089 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ClamAV before 0.97.7: dbg_printhex possible information leak
|
|||||
| CVE-2013-6681 | 1 Mapway | 1 Tube Map | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability
|
|||||
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.
|
|||||
| CVE-2013-5687 | 1 Aicorporation | 1 Risknet Acquirer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.
|
|||||
| CVE-2013-4868 | 1 Karotz | 1 Api | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Karotz API 12.07.19.00: Session Token Information Disclosure
|
|||||
| CVE-2013-4856 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
|
D-Link DIR-865L has Information Disclosure.
|
|||||
| CVE-2013-4518 | 1 Redhat | 2 Enterprise Linux, Update Infrastructure | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
|
|||||
| CVE-2013-4317 | 1 Apache | 1 Cloudstack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
|
|||||
| CVE-2013-4209 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.
|
|||||
| CVE-2013-4187 | 1 Flippy Project | 1 Flippy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
|
|||||
| CVE-2013-4176 | 1 Mysecureshell Project | 1 Mysecureshell | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
mysecureshell 1.31: Local Information Disclosure Vulnerability
|
|||||
| CVE-2013-4166 | 2 Gnome, Redhat | 5 Evolution, Evolution Data Server, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
|
|||||
| CVE-2013-4110 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Cryptocat has an Unspecified Chat Participant User List Disclosure
|
|||||
| CVE-2013-4105 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure
|
|||||
| CVE-2013-4088 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
|
|||||
| CVE-2013-3587 | 1 F5 | 14 Arx, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
|
|||||
| CVE-2013-3564 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
|
|||||
| CVE-2013-3551 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
|
|||||
| CVE-2013-3314 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.
|
|||||
| CVE-2013-3070 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
|
|||||
| CVE-2013-3023 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
|
|||||
| CVE-2013-3018 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
|
|||||
| CVE-2013-2683 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
|
|||||
| CVE-2013-2676 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.
|
|||||
| CVE-2013-2674 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.
|
|||||
| CVE-2013-2631 | 1 Tinywebgallery | 1 Tinywebgallery | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
|
|||||
| CVE-2013-2624 | 1 Telaen Project | 1 Telaen | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.
|
|||||
| CVE-2013-2600 | 2 Debian, Miniupnp Project | 2 Debian Linux, Miniupnpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MiniUPnPd has information disclosure use of snprintf()
|
|||||
| CVE-2013-2499 | 1 Simplehrm | 1 Simplehrm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.
|
|||||
| CVE-2013-2262 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cryptocat strophe.js before 2.0.22 has information disclosure
|
|||||
| CVE-2013-2261 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
|
|||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
|
|||||