Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-1945

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Jun, 2012 | 23:00
Updated At-06 Aug, 2024 | 19:17
Rejected At-
Credits

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Jun, 2012 | 23:00
Updated At:06 Aug, 2024 | 19:17
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
vdb-entry
signature
x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
vendor-advisory
x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-0710.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=670514
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-0715.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0710.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=670514
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0715.html
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0710.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=670514
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0715.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0710.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=670514
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0715.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Jun, 2012 | 23:55
Updated At:11 Apr, 2025 | 00:51

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.9LOW
AV:A/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.9
Base severity: LOW
Vector:
AV:A/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0
cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>4.0.1
cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>5.0
cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>5.0.1
cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>6.0
cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>6.0.1
cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>6.0.2
cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>7.0
cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>7.0.1
cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>8.0
cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>8.0.1
cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>9.0
cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>9.0.1
cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0
cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0.1
cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0.2
cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0.3
cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0.4
cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>11.0
cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>12.0
cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>12.0
cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions up to 2.9(inclusive)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.6
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.7
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.8
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.9
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.1
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2012-0710.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2012-0715.htmlcve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088cve@mitre.org
N/A
http://www.mozilla.org/security/announce/2012/mfsa2012-37.htmlcve@mitre.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=670514cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0710.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0715.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2012/mfsa2012-37.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=670514af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0710.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0715.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=670514
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0710.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0715.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=670514
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

184Records found
CVE-2018-5131
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5137
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 78.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5118
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 61.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4519
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.26%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7844
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 79.67%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4478
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-1.26% / 78.62%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2742
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 67.15%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.

Action-Not Available
Vendor-n/aMozilla CorporationApple Inc.Oracle Corporation
Product-firefoxmacossolarisn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0822
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.64% / 69.56%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxfirefox_esrthunderbirdn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0834
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.59% / 68.14%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8637
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.49% / 64.53%
||
7 Day CHG~0.00%
Published-14 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5133
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-29916
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.08%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdfirefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5884
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.13%
||
7 Day CHG~0.00%
Published-16 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4750
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.16% / 37.61%
||
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

Action-Not Available
Vendor-n/aIBM Corporation
Product-powervcn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6641
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.1||LOW
EPSS-0.07% / 20.58%
||
7 Day CHG~0.00%
Published-06 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20871
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 03:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.

Action-Not Available
Vendor-konicaminoltaKONICA MINOLTA, INC.
Product-bizhub_c759_firmwarebizhub_c754ebizhub_c3351_firmwarebizhub_300i_firmwarebizhub_c257i_firmwarebizhub_654bizhub_c3851bizhub_958bizhub_c287i_firmwarebizhub_558e_firmwarebizhub_308bizhub_c658bizhub_284ebizhub_c364ebizhub_360ibizhub_c750ibizhub_754ebizhub_808_firmwarebizhub_458bizhub_c454_firmwarebizhub_c300i_firmwarebizhub_c558bizhub_c364_firmwarebizhub_754bizhub_c554_firmwarebizhub_368_firmwarebizhub_4700i_firmwarebizhub_454e_firmwarebizhub_558_firmwarebizhub_284e_firmwarebizhub_458e_firmwarebizhub_c3350i_firmwarebizhub_c554bizhub_650ibizhub_c3851fs_firmwarebizhub_c650ibizhub_c300ibizhub_c754_firmwarebizhub_246i_firmwarebizhub_368ebizhub_558bizhub_654e_firmwarebizhub_306ibizhub_306i_firmwarebizhub_c3851_firmwarebizhub_4750ibizhub_654ebizhub_c227ibizhub_c3300ibizhub_808bizhub_c4000i_firmwarebizhub_266i_firmwarebizhub_c4050ibizhub_550i_firmwarebizhub_287_firmwarebizhub_558ebizhub_c3350ibizhub_650i_firmwarebizhub_4052bizhub_c554ebizhub_226i_firmwarebizhub_c284_firmwarebizhub_4750i_firmwarebizhub_754e_firmwarebizhub_458_firmwarebizhub_4700ibizhub_450i_firmwarebizhub_c654ebizhub_266ibizhub_c368bizhub_360i_firmwarebizhub_c308bizhub_c287ibizhub_c360ibizhub_300ibizhub_c754bizhub_c3300i_firmwarebizhub_246ibizhub_c224_firmwarebizhub_c3351bizhub_308e_firmwarebizhub_c257ibizhub_c284ebizhub_550ibizhub_c284e_firmwarebizhub_c224e_firmwarebizhub_c759bizhub_c659bizhub_c450i_firmwarebizhub_c287bizhub_c658_firmwarebizhub_c308_firmwarebizhub_c227_firmwarebizhub_c754e_firmwarebizhub_c659_firmwarebizhub_c454ebizhub_c450ibizhub_c284bizhub_654_firmwarebizhub_c3320i_firmwarebizhub_287bizhub_368bizhub_750i_firmwarebizhub_750ibizhub_4050i_firmwarebizhub_308_firmwarebizhub_4752bizhub_c654bizhub_c458bizhub_c558_firmwarebizhub_758bizhub_c4050i_firmwarebizhub_4752_firmwarebizhub_c550ibizhub_c750i_firmwarebizhub_c3851fsbizhub_c227i_firmwarebizhub_c364e_firmwarebizhub_958_firmwarebizhub_227_firmwarebizhub_c224bizhub_c258bizhub_c554e_firmwarebizhub_c250i_firmwarebizhub_450ibizhub_c650i_firmwarebizhub_c550i_firmwarebizhub_658ebizhub_c458_firmwarebizhub_4052_firmwarebizhub_c368_firmwarebizhub_454ebizhub_c360i_firmwarebizhub_368e_firmwarebizhub_c224ebizhub_c454bizhub_4050ibizhub_226ibizhub_554ebizhub_c364bizhub_c250ibizhub_364e_firmwarebizhub_224ebizhub_c4000ibizhub_458ebizhub_554e_firmwarebizhub_758_firmwarebizhub_c3320ibizhub_364ebizhub_c287_firmwarebizhub_224e_firmwarebizhub_754_firmwarebizhub_c654e_firmwarebizhub_c258_firmwarebizhub_c454e_firmwarebizhub_227bizhub_c654_firmwarebizhub_c227bizhub_658e_firmwarebizhub_308ebizhub series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20869
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 03:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.

Action-Not Available
Vendor-konicaminoltaKONICA MINOLTA, INC.
Product-bizhub_c759_firmwarebizhub_c754ebizhub_c3351_firmwarebizhub_300i_firmwarebizhub_c257i_firmwarebizhub_654bizhub_c3851bizhub_958bizhub_c287i_firmwarebizhub_558e_firmwarebizhub_308bizhub_c658bizhub_284ebizhub_c364ebizhub_360ibizhub_c750ibizhub_754ebizhub_808_firmwarebizhub_458bizhub_c454_firmwarebizhub_c300i_firmwarebizhub_c558bizhub_c364_firmwarebizhub_754bizhub_c554_firmwarebizhub_368_firmwarebizhub_4700i_firmwarebizhub_454e_firmwarebizhub_558_firmwarebizhub_284e_firmwarebizhub_458e_firmwarebizhub_c3350i_firmwarebizhub_c554bizhub_650ibizhub_c3851fs_firmwarebizhub_c650ibizhub_c300ibizhub_c754_firmwarebizhub_246i_firmwarebizhub_368ebizhub_558bizhub_654e_firmwarebizhub_306ibizhub_306i_firmwarebizhub_c3851_firmwarebizhub_4750ibizhub_654ebizhub_c227ibizhub_c3300ibizhub_808bizhub_c4000i_firmwarebizhub_266i_firmwarebizhub_c4050ibizhub_550i_firmwarebizhub_287_firmwarebizhub_558ebizhub_c3350ibizhub_650i_firmwarebizhub_4052bizhub_c554ebizhub_226i_firmwarebizhub_c284_firmwarebizhub_4750i_firmwarebizhub_754e_firmwarebizhub_458_firmwarebizhub_4700ibizhub_450i_firmwarebizhub_c654ebizhub_266ibizhub_c368bizhub_360i_firmwarebizhub_c308bizhub_c287ibizhub_c360ibizhub_300ibizhub_c754bizhub_c3300i_firmwarebizhub_246ibizhub_c224_firmwarebizhub_c3351bizhub_308e_firmwarebizhub_c257ibizhub_c284ebizhub_550ibizhub_c284e_firmwarebizhub_c224e_firmwarebizhub_c759bizhub_c659bizhub_c450i_firmwarebizhub_c287bizhub_c658_firmwarebizhub_c308_firmwarebizhub_c227_firmwarebizhub_c754e_firmwarebizhub_c659_firmwarebizhub_c454ebizhub_c450ibizhub_c284bizhub_654_firmwarebizhub_c3320i_firmwarebizhub_287bizhub_368bizhub_750i_firmwarebizhub_750ibizhub_4050i_firmwarebizhub_308_firmwarebizhub_4752bizhub_c654bizhub_c458bizhub_c558_firmwarebizhub_758bizhub_c4050i_firmwarebizhub_4752_firmwarebizhub_c550ibizhub_c750i_firmwarebizhub_c3851fsbizhub_c227i_firmwarebizhub_c364e_firmwarebizhub_958_firmwarebizhub_227_firmwarebizhub_c224bizhub_c258bizhub_c554e_firmwarebizhub_c250i_firmwarebizhub_450ibizhub_c650i_firmwarebizhub_c550i_firmwarebizhub_658ebizhub_c458_firmwarebizhub_4052_firmwarebizhub_c368_firmwarebizhub_454ebizhub_c360i_firmwarebizhub_368e_firmwarebizhub_c224ebizhub_c454bizhub_4050ibizhub_226ibizhub_554ebizhub_c364bizhub_c250ibizhub_364e_firmwarebizhub_224ebizhub_c4000ibizhub_458ebizhub_554e_firmwarebizhub_758_firmwarebizhub_c3320ibizhub_364ebizhub_c287_firmwarebizhub_224e_firmwarebizhub_754_firmwarebizhub_c654e_firmwarebizhub_c258_firmwarebizhub_c454e_firmwarebizhub_227bizhub_c654_firmwarebizhub_c227bizhub_658e_firmwarebizhub_308ebizhub series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10599
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.

Action-Not Available
Vendor-ICS-CERTPhilips
Product-intellivue_np90_firmwareavalon_fetal\/maternal_monitors_fm50_firmwareintellivue_mp50_firmwareintellivue_mx800intellivue_mx100_firmwareavalon_fetal\/maternal_monitors_fm40_firmwareavalon_fetal\/maternal_monitors_fm20intellivue_mx700intellivue_mx550_firmwareintellivue_mx800_firmwareintellivue_mx400_firmwareintellivue_mx450intellivue_mp30intellivue_mx700_firmwareintellivue_mp30_firmwareintellivue_mp2avalon_fetal\/maternal_monitors_fm30_firmwareintellivue_x2_firmwareintellivue_np90intellivue_mp70_firmwareavalon_fetal\/maternal_monitors_fm50intellivue_mx500intellivue_mp70intellivue_x3intellivue_mp2_firmwareavalon_fetal\/maternal_monitors_fm20_firmwareintellivue_mp50intellivue_x2avalon_fetal\/maternal_monitors_fm30intellivue_mx450_firmwareintellivue_mx100intellivue_x3_firmwareavalon_fetal\/maternal_monitors_fm40intellivue_mx500_firmwareintellivue_mx550intellivue_mx400IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1059
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 48.81%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 18:00
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Action-Not Available
Vendor-dpdkCanonical Ltd.Red Hat, Inc.
Product-ceph_storageubuntu_linuxenterprise_linux_fast_datapathvirtualizationvirtualization_manageropenshiftopenstackenterprise_linuxdata_plane_development_kitDPDK
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2730
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-3.5||LOW
EPSS-0.04% / 9.75%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.Apple Inc.
Product-iphone_oshilinktech_supportHUAWEI HiLink APP (for IOS), HUAWEI Tech Support APP (for IOS)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17280
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-3.5||LOW
EPSS-0.04% / 9.75%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-lon-al00b_firmwarelon-al00bLON-AL00B
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.58%
||
7 Day CHG~0.00%
Published-25 Oct, 2019 | 15:44
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L has Information Disclosure.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3984
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-26 May, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sametimen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1615
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-2.9||LOW
EPSS-0.11% / 30.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-security_information_managersecurity_information_manager_appliancen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0043
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.99% / 90.33%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2012windows_10windows_server_2016Active Directory Federation Services
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6026
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.54%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_secure_proxyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0570
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.33%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.

Action-Not Available
Vendor-n/aIBM Corporation
Product-network_operating_systemflex_system_fabric_cn4093rackswitch_g8124-erflex_system_si4093_rackswitch_g8264rackswitch_g8264-trackswitch_g8264csvirtual_fabricrackswitch_g8124-erackswitch_g8316rackswitch_g8124flex_system_fabric_en4093n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.

Action-Not Available
Vendor-intuitn/a
Product-quickbooksn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2509
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.04%
||
7 Day CHG~0.00%
Published-18 Feb, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

Action-Not Available
Vendor-beldenn/a
Product-hirschmann_l2ehirschmann_l2bhirschmann_l3phirschmann_l2phirschmann_firmwarehirschmann_l3en/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.93%
||
7 Day CHG~0.00%
Published-04 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257.

Action-Not Available
Vendor-babyphonemobilen/a
Product-wifi_baby_monitorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7930
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 17:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_9mate_9_firmwareMate 9
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4961
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.6||LOW
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-24 Nov, 2016 | 19:41
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tealeaf_customer_experiencen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-28 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Action-Not Available
Vendor-n/aopenSUSESUSEXen ProjectFedora ProjectDebian GNU/Linux
Product-fedoraopensusesuse_linux_enterprise_serverlinux_enterprise_desktopsuse_linux_enterprise_desktopxendebian_linuxsuse_linux_enterprise_software_development_kitlinux_enterprise_software_development_kitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-16673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.43%
||
7 Day CHG~0.00%
Published-09 Nov, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."

Action-Not Available
Vendor-datton/a
Product-backup_agentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found