Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1664 | 1 Citrix | 1 Gotomeeting | 2018-10-09 | 5.0 MEDIUM | N/A |
| The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. | |||||
| CVE-2014-0894 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2018-10-09 | 3.5 LOW | N/A |
| RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document. | |||||
| CVE-2014-1677 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||||
| CVE-2014-0220 | 1 Cloudera | 1 Cloudera Manager | 2018-10-09 | 4.0 MEDIUM | N/A |
| Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. | |||||
| CVE-2013-6480 | 1 Apache | 1 Libcloud | 2018-10-09 | 2.1 LOW | N/A |
| Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. | |||||
| CVE-2011-3011 | 1 Ca | 1 Arcserve D2d | 2018-10-09 | 5.0 MEDIUM | N/A |
| BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors. | |||||
| CVE-2011-2088 | 2 Apache, Opensymphony | 3 Struts, Webwork, Xwork | 2018-10-09 | 5.0 MEDIUM | N/A |
| XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3. | |||||
| CVE-2011-2737 | 1 Rsa | 1 Envision | 2018-10-09 | 5.0 MEDIUM | N/A |
| RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability." | |||||
| CVE-2011-1569 | 1 Douran | 1 Portal | 2018-10-09 | 5.0 MEDIUM | N/A |
| download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter. | |||||
| CVE-2011-1666 | 1 Metaways | 1 Tine | 2018-10-09 | 5.0 MEDIUM | N/A |
| Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path. | |||||
| CVE-2011-1074 | 1 Freebsd | 1 Freebsd | 2018-10-09 | 1.9 LOW | N/A |
| crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. | |||||
| CVE-2011-0636 | 1 Nvidia | 1 Cuda Toolkit | 2018-10-09 | 2.1 LOW | N/A |
| The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations. | |||||
| CVE-2018-7070 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7071 | 1 Hp | 1 Network Function Virtualization Director | 2018-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. | |||||
| CVE-2018-7755 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2018-10-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | |||||
| CVE-2009-0776 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-03 | 7.1 HIGH | N/A |
| nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | |||||
| CVE-2007-5335 | 1 Mozilla | 1 Firefox | 2018-10-03 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | |||||
| CVE-2005-3088 | 1 Fetchmail | 1 Fetchmail | 2018-10-03 | 2.1 LOW | N/A |
| fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords. | |||||
| CVE-2018-1999041 | 1 Jenkins | 1 Tinfoil Security | 2018-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. | |||||
| CVE-2016-3124 | 1 Simplesamlphp | 1 Simplesamlphp | 2018-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | |||||