Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-1607

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Sep, 2012 | 20:00
Updated At-16 Sep, 2024 | 19:35
Rejected At-
Credits

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Sep, 2012 | 20:00
Updated At:16 Sep, 2024 | 19:35
Rejected At:
▼CVE Numbering Authority (CNA)

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/48647
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48622
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/03/30/4
mailing-list
x_refsource_MLIST
http://osvdb.org/80761
vdb-entry
x_refsource_OSVDB
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2445
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/52771
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/48647
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48622
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://osvdb.org/80761
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/52771
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/48647
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48622
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2012/03/30/4
mailing-list
x_refsource_MLIST
x_transferred
http://osvdb.org/80761
vdb-entry
x_refsource_OSVDB
x_transferred
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2012/dsa-2445
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/52771
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/48647
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48622
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://osvdb.org/80761
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/52771
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Sep, 2012 | 20:55
Updated At:29 Apr, 2026 | 01:13

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

TYPO3 Association
typo3
>>typo3>>4.4
cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.0
cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.1
cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.2
cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.3
cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.4
cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.5
cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.6
cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.7
cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.8
cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.9
cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.10
cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.11
cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.12
cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.4.13
cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5
cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.0
cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.1
cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.2
cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.3
cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.4
cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.5
cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.6
cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.7
cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.8
cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.9
cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.10
cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.11
cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.12
cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.13
cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6
cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.0
cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.1
cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.2
cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.3
cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.4
cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.5
cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.6.6
cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7
cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.0
cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://osvdb.org/80761secalert@redhat.com
N/A
http://secunia.com/advisories/48622secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/48647secalert@redhat.com
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/secalert@redhat.com
Vendor Advisory
http://www.debian.org/security/2012/dsa-2445secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/03/30/4secalert@redhat.com
N/A
http://www.securityfocus.com/bid/52771secalert@redhat.com
N/A
http://osvdb.org/80761af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48622af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48647af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2012/dsa-2445af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/03/30/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/52771af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://osvdb.org/80761
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48622
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48647
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/52771
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/80761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48622
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48647
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2445
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/30/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/52771
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2805Records found

CVE-2015-9119
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.87%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, sensitive information may be returned to the QMI client as a response.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaremdm9650sd_615_firmwaremsm8909w_firmwaresd_820mdm9645sd_650sd_450_firmwaresd_845_firmwaresd_410mdm9206sd_652sd_425_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresd_835sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_412sd_808_firmwaresd_400sdx20sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaresd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaremdm9625_firmwaresd_808sd_800sd_617sd_400_firmwaresd_212_firmwaresd_850_firmwaremdm9655sd_412_firmwaremdm9625sd_430sd_810mdm9615_firmwaresdx20_firmwaresd_410_firmwaresd_205sd_810_firmwaresd_617_firmwareSnapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-16948
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.25%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 01:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.

Action-Not Available
Vendor-openafsn/aDebian GNU/Linux
Product-openafsdebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:04
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-blessing_premium_responsive_projectn/a
Product-blessing_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8952
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-4.93% / 91.08%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0393
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.05% / 60.07%
||
7 Day CHG~0.00%
Published-17 Jul, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.11% / 62.01%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 05:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-abusefiltern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3242
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.45% / 70.10%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarimac_os_xmac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-1777
Matching Score-4
Assigner-OTRS AG
ShareView Details
Matching Score-4
Assigner-OTRS AG
CVSS Score-4.3||MEDIUM
EPSS-0.83% / 53.10%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 18:52
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agent names disclosed in chat feature

Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.

Action-Not Available
Vendor-OTRS AG
Product-otrsOTRS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9194
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.87%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sd_400sd_425sd_845sd_430_firmwaresd_427sd_435sd_430sd_625sd_210sd_435_firmwaresd_212sd_650sd_205sd_450_firmwaresd_800sd_845_firmwaresd_210_firmwaresd_652_firmwaresd_617sd_400_firmwaresd_205_firmwaresd_650_firmwaresd_617_firmwareSnapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9488
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:03
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-almera_responsive_portfolio_site_template_projectn/a
Product-almera_responsive_portfolio_site_templaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19625
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.18%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:09
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.

Action-Not Available
Vendor-rosn/a
Product-sros2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.15% / 62.88%
||
7 Day CHG~0.00%
Published-27 Jul, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0312
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-1.73% / 74.77%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 21:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tririga_application_platformn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 17:58
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-car_dealer_\/_auto_dealer_responsive_projectn/a
Product-car_dealer_\/_auto_dealer_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:05
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-smartit_premium_responsive_projectn/a
Product-smartit_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.92% / 77.37%
||
7 Day CHG~0.00%
Published-31 Jan, 2020 | 13:53
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.

Action-Not Available
Vendor-seniorn/a
Product-rubiwebn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0047
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-20.57% / 97.20%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1976
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.98% / 78.04%
||
7 Day CHG~0.00%
Published-05 Sep, 2019 | 01:25
Updated-19 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-industrial_network_directornetwork_level_serviceCisco Industrial Network Director
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-25990
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 49.25%
||
7 Day CHG+0.02%
Published-05 May, 2022 | 16:22
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-f5os-aF5OS-A
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7761
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.44% / 69.86%
||
7 Day CHG~0.00%
Published-09 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.08% / 61.07%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 15:51
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7665
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.60% / 72.86%
||
7 Day CHG~0.00%
Published-27 Dec, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.

Action-Not Available
Vendor-tails_projectn/a
Product-tailsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7998
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.02% / 59.27%
||
7 Day CHG~0.00%
Published-17 Nov, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controller_firmwarenetscaler_service_delivery_appliance_service_vmnetscaler_gateway_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8280
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-6.02% / 92.45%
||
7 Day CHG~0.00%
Published-15 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.

Action-Not Available
Vendor-n/aSamsung
Product-web_viewern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 77.52%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

Action-Not Available
Vendor-n/aChef
Product-chefn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7935
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.24%
||
7 Day CHG~0.00%
Published-23 Dec, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aMotorola Mobility LLC. (Lenovo Group Limited)
Product-moscad_ip_gateway_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8079
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.23% / 65.18%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.

Action-Not Available
Vendor-qtn/a
Product-qtwebkitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7763
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.13% / 79.74%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Action-Not Available
Vendor-openafsn/a
Product-openafsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 77.96%
||
7 Day CHG~0.00%
Published-07 Feb, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-snapdriven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7683
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.00% / 78.29%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openmeetingsApache OpenMeetings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7624
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-3.13% / 86.28%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5583, CVE-2015-6705, and CVE-2015-6706.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.82% / 90.89%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Action-Not Available
Vendor-bouncycastlen/aOracle CorporationopenSUSE
Product-enterprise_manager_ops_centerpeoplesoft_enterprise_peopletoolsapplication_testing_suiteleapvirtual_desktop_infrastructurebouncy_castle_crypto_packageopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7762
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.13% / 79.74%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Action-Not Available
Vendor-openafsn/aDebian GNU/Linux
Product-debian_linuxopenafsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.36% / 94.78%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.

Action-Not Available
Vendor-spi-incn/a
Product-ganetin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8074
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5||MEDIUM
EPSS-0.95% / 56.72%
||
7 Day CHG~0.00%
Published-03 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4212
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.63% / 83.64%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meeting_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.23% / 86.72%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.

Action-Not Available
Vendor-wfchatn/a
Product-wfchatn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.11% / 86.19%
||
7 Day CHG~0.00%
Published-26 Mar, 2008 | 17:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.

Action-Not Available
Vendor-scoznetn/a
Product-scozbookn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.32% / 67.44%
||
7 Day CHG~0.00%
Published-20 Oct, 2007 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.

Action-Not Available
Vendor-lotusn/a
Product-domino_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.35%
||
7 Day CHG~0.00%
Published-17 Dec, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.

Action-Not Available
Vendor-chat_room_projectn/a
Product-chat_roomn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.43% / 69.71%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.15% / 79.88%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.

Action-Not Available
Vendor-n/aIpswitch, Inc.
Product-moveit_dmzn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 67.37%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.

Action-Not Available
Vendor-magenton/a
Product-magenton/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8625
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.80% / 75.89%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.50% / 82.78%
||
7 Day CHG~0.00%
Published-20 Oct, 2007 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.

Action-Not Available
Vendor-ej3n/a
Product-topon/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1379
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.89% / 77.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2007 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.

Action-Not Available
Vendor-point_clark_networksn/a
Product-clarkconnectn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.84%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:09
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)

Action-Not Available
Vendor-rosn/a
Product-sros2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.37% / 90.09%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

Action-Not Available
Vendor-pcren/aThe PHP GroupFedora Project
Product-perl_compatible_regular_expression_libraryphpfedoran/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8268
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-2.98% / 85.60%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-ideran/a
Product-uptime_infrastructure_monitorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.20% / 64.32%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.

Action-Not Available
Vendor-monster_menus_projectn/aThe Drupal Association
Product-drupalmonster_menusn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 56
  • 57
  • Next
Details not found