Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-5180

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-26 Dec, 2012 | 17:00
Updated At-17 Sep, 2024 | 03:49
Rejected At-
Credits

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:26 Dec, 2012 | 17:00
Updated At:17 Sep, 2024 | 03:49
Rejected At:
▼CVE Numbering Authority (CNA)

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvn.jp/en/jp/JVN27691264/index.html
third-party-advisory
x_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112
third-party-advisory
x_refsource_JVNDB
Hyperlink: http://jvn.jp/en/jp/JVN27691264/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112
Resource:
third-party-advisory
x_refsource_JVNDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvn.jp/en/jp/JVN27691264/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN27691264/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:26 Dec, 2012 | 17:55
Updated At:29 Apr, 2026 | 01:13

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches

Opera
opera
>>opera_mini>>Versions up to 7.4(inclusive)
cpe:2.3:a:opera:opera_mini:*:-:*:*:*:android:*:*
Opera
opera
>>opera_mobile>>Versions up to 12.0(inclusive)
cpe:2.3:a:opera:opera_mobile:*:-:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN27691264/index.htmlvultures@jpcert.or.jp
N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112vultures@jpcert.or.jp
N/A
http://jvn.jp/en/jp/JVN27691264/index.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://jvn.jp/en/jp/JVN27691264/index.html
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvn.jp/en/jp/JVN27691264/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000112
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1245Records found

CVE-2014-0815
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 59.52%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

Action-Not Available
Vendor-n/aGoogle LLCOpera
Product-androidopera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-1561
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 57.49%
||
7 Day CHG~0.00%
Published-14 Jul, 2008 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

Action-Not Available
Vendor-n/aOpera
Product-operan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-5068
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.13% / 62.44%
||
7 Day CHG~0.00%
Published-07 Dec, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4046
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.00% / 78.30%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0653
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.83% / 76.23%
||
7 Day CHG~0.00%
Published-18 Feb, 2010 | 17:19
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6608
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.35% / 87.22%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2659
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.54% / 71.95%
||
7 Day CHG~0.00%
Published-07 Jul, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.

Action-Not Available
Vendor-unixn/aApple Inc.OperaMicrosoft Corporation
Product-unixmac_os_xopera_browserwindowsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.95% / 77.80%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CVE-2011-3389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-73.33% / 99.39%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Action-Not Available
Vendor-n/aCanonical Ltd.CURLGoogle LLCSiemens AGOperaRed Hat, Inc.Mozilla CorporationMicrosoft CorporationDebian GNU/Linux
Product-simatic_rf68xr_firmwaredebian_linuxubuntu_linuxopera_browserenterprise_linux_desktopsimatic_rf68xrenterprise_linux_server_auschromeinternet_explorerfirefoxenterprise_linux_serverenterprise_linux_workstationsimatic_rf615r_firmwarecurlwindowsenterprise_linux_eussimatic_rf615rn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2008-5681
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.10% / 61.76%
||
7 Day CHG~0.00%
Published-19 Dec, 2008 | 16:09
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CVE-2010-2661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.27% / 80.93%
||
7 Day CHG~0.00%
Published-07 Jul, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.

Action-Not Available
Vendor-unixn/aApple Inc.OperaMicrosoft Corporation
Product-unixmac_os_xopera_browserwindowsn/a
CVE-2012-1926
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.56% / 83.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6469
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.35% / 68.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6466
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.90%
||
7 Day CHG~0.00%
Published-02 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3210
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.90%
||
7 Day CHG~0.00%
Published-19 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4580
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.17% / 80.06%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-1310
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.21% / 64.55%
||
7 Day CHG~0.00%
Published-08 Apr, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3388
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.27% / 80.95%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7153
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-13.98% / 96.10%
||
7 Day CHG~0.00%
Published-06 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Action-Not Available
Vendor-n/aApple Inc.Google LLCOperaMozilla CorporationMicrosoft Corporation
Product-internet_explorerfirefoxopera_browsersafariedgechromen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4695
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.98% / 92.41%
||
7 Day CHG~0.00%
Published-23 Oct, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

Action-Not Available
Vendor-n/aOpera
Product-operan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2715
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.82% / 76.05%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.31% / 81.29%
||
7 Day CHG~0.00%
Published-24 Dec, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-5683
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.47% / 70.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2008 | 16:09
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4199
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.86% / 85.05%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3078
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.05% / 85.96%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-2022
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.92% / 91.06%
||
7 Day CHG~0.00%
Published-13 Apr, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

Action-Not Available
Vendor-n/aAdobe Inc.Opera
Product-flash_playeropera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-1563
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.85% / 90.94%
||
7 Day CHG~0.00%
Published-21 Mar, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7152
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-13.98% / 96.10%
||
7 Day CHG~0.00%
Published-06 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Action-Not Available
Vendor-n/aApple Inc.Google LLCOperaMozilla CorporationMicrosoft Corporation
Product-internet_explorerfirefoxsafariedgechromeoperan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1187
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-1.19% / 64.25%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunain/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1337
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-4.57% / 90.45%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3928epc3928_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0715
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.25% / 65.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 17:00
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-cloud_foundry_elastic_runtimePivotal Cloud Foundry Elastic Runtime
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10234
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 39.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 18:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10212
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.06% / 85.98%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.

Action-Not Available
Vendor-radwaren/a
Product-alteonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.06% / 78.97%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

Action-Not Available
Vendor-n/aA10 Networks
Product-advanced_core_operating_systemn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0708
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-1.56% / 72.18%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue.

Action-Not Available
Vendor-Cloud Foundry
Product-java_buildpackcf-releaseCloud Foundry
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0787
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.70% / 84.09%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Action-Not Available
Vendor-libssh2n/aopenSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxfedoralibssh2opensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4765
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.05% / 60.23%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0739
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.43% / 82.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Action-Not Available
Vendor-libsshn/aCanonical Ltd.Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxfedoralibsshenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.05% / 60.23%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/.

Action-Not Available
Vendor-n/aMicrosoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindows_2003_serverwindows_server_2008n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0831
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 37.74%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10236
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.42% / 33.93%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 18:00
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0704
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-6.90% / 93.30%
||
7 Day CHG~0.00%
Published-02 Mar, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0703
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-5.40% / 91.70%
||
7 Day CHG~0.00%
Published-02 Mar, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9031
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-3.3||LOW
EPSS-0.43% / 34.62%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0059
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-23.66% / 97.53%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0270
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.10% / 86.15%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominonotesclient_application_accessn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0378
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-1.65% / 73.67%
||
7 Day CHG~0.00%
Published-24 Nov, 2016 | 19:41
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0201
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.03% / 78.70%
||
7 Day CHG~0.00%
Published-18 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_network_protection_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0141
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.90% / 91.02%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0028
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-22.55% / 97.43%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_serveroutlook_web_accessn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found