Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-200
Total 6955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-22176 1 Phpgurukul 1 Hospital Management System In Php 2021-06-24 5.0 MEDIUM 7.5 HIGH
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
CVE-2021-22913 1 Nextcloud 1 Deck 2021-06-23 4.3 MEDIUM 6.5 MEDIUM
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-22905 1 Nextcloud 1 Nextcloud 2021-06-22 4.3 MEDIUM 6.5 MEDIUM
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-22749 1 Schneider-electric 2 Modicon X80 Bmxnor0200h Rtu, Modicon X80 Bmxnor0200h Rtu Firmware 2021-06-22 5.0 MEDIUM 5.3 MEDIUM
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
CVE-2021-22912 1 Nextcloud 1 Nextcloud 2021-06-22 4.3 MEDIUM 6.5 MEDIUM
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-34679 1 Thycotic 1 Password Reset Server 2021-06-21 5.0 MEDIUM 7.5 HIGH
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
CVE-2017-11435 1 Humaxdigital 2 Hg100r, Hg100r Firmware 2021-06-21 7.5 HIGH 9.8 CRITICAL
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
CVE-2015-1857 1 Linuxfoundation 1 Opendaylight 2021-06-16 5.0 MEDIUM 5.3 MEDIUM
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions.
CVE-2012-5624 3 Canonical, Digia, Qt 3 Ubuntu Linux, Qt, Qt 2021-06-16 4.3 MEDIUM N/A
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
CVE-2016-3956 3 Ibm, Nodejs, Npmjs 3 Sdk, Node.js, Npm 2021-06-15 5.0 MEDIUM 7.5 HIGH
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
CVE-2021-33662 1 Sap 1 Business One 2021-06-15 2.1 LOW 4.4 MEDIUM
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.
CVE-2018-18566 1 Polycom 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more 2021-06-15 5.0 MEDIUM 5.3 MEDIUM
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.
CVE-2021-20259 1 Theforeman 1 Foremanfogproxmox 2021-06-15 4.6 MEDIUM 7.8 HIGH
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected
CVE-2019-10246 4 Eclipse, Microsoft, Netapp and 1 more 26 Jetty, Windows, Element and 23 more 2021-06-14 5.0 MEDIUM 5.3 MEDIUM
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
CVE-2021-31960 1 Microsoft 2 Windows 10, Windows Server 2016 2021-06-11 2.1 LOW 5.5 MEDIUM
Windows Bind Filter Driver Information Disclosure Vulnerability
CVE-2020-14371 1 Redhat 1 Satellite 2021-06-11 4.0 MEDIUM 6.5 MEDIUM
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.
CVE-2020-7506 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2021-06-11 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.
CVE-2017-8761 1 Openstack 1 Swift 2021-06-11 4.0 MEDIUM 4.3 MEDIUM
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
CVE-2021-31975 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2021-06-11 7.8 HIGH 7.5 HIGH
Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31976.
CVE-2021-31976 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2021-06-11 7.8 HIGH 7.5 HIGH
Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31975.