Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-3231

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-22 Jun, 2015 | 19:00
Updated At-06 Aug, 2024 | 05:39
Rejected At-
Credits

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:22 Jun, 2015 | 19:00
Updated At:06 Aug, 2024 | 05:39
Rejected At:
▼CVE Numbering Authority (CNA)

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2015/dsa-3291
vendor-advisory
x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
vendor-advisory
x_refsource_FEDORA
https://www.drupal.org/SA-CORE-2015-002
x_refsource_CONFIRM
http://www.securityfocus.com/bid/75286
vdb-entry
x_refsource_BID
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2015/dsa-3291
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.drupal.org/SA-CORE-2015-002
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/75286
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2015/dsa-3291
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.drupal.org/SA-CORE-2015-002
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/75286
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2015/dsa-3291
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.drupal.org/SA-CORE-2015-002
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75286
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:22 Jun, 2015 | 19:59
Updated At:12 Apr, 2025 | 10:46

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches

The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.0
cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.1
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.2
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.3
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.4
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.5
cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.6
cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.7
cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.8
cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.9
cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.10
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.11
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.12
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.13
cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.14
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.15
cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.16
cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.17
cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.18
cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.19
cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.20
cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.21
cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.22
cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.23
cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.24
cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.25
cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.26
cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.27
cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.28
cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.29
cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.30
cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.33
cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.34
cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.35
cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>7.36
cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.htmlsecalert@redhat.com
N/A
http://www.debian.org/security/2015/dsa-3291secalert@redhat.com
N/A
http://www.securityfocus.com/bid/75286secalert@redhat.com
N/A
https://www.drupal.org/SA-CORE-2015-002secalert@redhat.com
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3291af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/75286af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.drupal.org/SA-CORE-2015-002af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3291
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75286
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.drupal.org/SA-CORE-2015-002
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3291
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75286
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.drupal.org/SA-CORE-2015-002
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1249Records found

CVE-2012-3802
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-27 Jun, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.

Action-Not Available
Vendor-peter_pokrivcakn/aThe Drupal Association
Product-drupalpost_affiliate_pron/a
CVE-2020-29130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.41%
||
7 Day CHG~0.00%
Published-26 Nov, 2020 | 00:00
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

Action-Not Available
Vendor-libslirp_projectn/aDebian GNU/LinuxFedora Project
Product-libslirpdebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-29129
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-26 Nov, 2020 | 19:03
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

Action-Not Available
Vendor-libslirp_projectn/aDebian GNU/LinuxFedora Project
Product-libslirpdebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-2153
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.42% / 61.27%
||
7 Day CHG~0.00%
Published-01 Oct, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CVE-2009-2077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.18%
||
7 Day CHG~0.00%
Published-16 Jun, 2009 | 19:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.

Action-Not Available
Vendor-angrydonutsn/aThe Drupal Association
Product-viewsdrupaln/a
CWE ID-CWE-264
Not Available
CVE-2019-9849
Matching Score-8
Assigner-Document Foundation, The
ShareView Details
Matching Score-8
Assigner-Document Foundation, The
CVSS Score-4.3||MEDIUM
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 11:26
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

Action-Not Available
Vendor-libreofficeDocument FoundationCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoralibreofficeleapLibreOffice
CVE-2019-9892
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.57%
||
7 Day CHG-0.03%
Published-21 May, 2019 | 23:17
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOTRS AG
Product-otrsdebian_linuxn/a
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2012-1655
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-18 Sep, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors.

Action-Not Available
Vendor-sven_decabootern/aThe Drupal Association
Product-drupaluc_paydutchgroup_\/_wedeal_paymentn/a
CVE-2015-5174
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.21% / 78.15%
||
7 Day CHG~0.00%
Published-25 Feb, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxtomcatubuntu_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-1590
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.27% / 50.55%
||
7 Day CHG~0.00%
Published-01 Oct, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CVE-2019-18890
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-28.95% / 96.39%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 17:46
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.

Action-Not Available
Vendor-redminen/aDebian GNU/Linux
Product-redminedebian_linuxn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-14864
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.94% / 75.22%
||
7 Day CHG-0.22%
Published-02 Jan, 2020 | 14:23
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-ceph_storagecloudforms_management_enginedebian_linuxenterprise_linuxansiblebackports_sleansible_towerleapAnsible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2021-24119
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.29% / 52.34%
||
7 Day CHG-0.06%
Published-14 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectArm Limited
Product-mbed_tlsdebian_linuxfedoran/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-13458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.44% / 62.15%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 00:00
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOTRS AG
Product-otrsdebian_linuxn/a
CVE-2019-14433
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.18%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 18:21
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxOpenStackRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxopenstacknovan/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2011-4350
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-25.88% / 96.06%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 04:49
Updated-07 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.

Action-Not Available
Vendor-yawsyawsDebian GNU/Linux
Product-yawsdebian_linuxyaws
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-10868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-05 Apr, 2019 | 00:25
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.

Action-Not Available
Vendor-trytonn/aDebian GNU/Linux
Product-debian_linuxtrytondn/a
CWE ID-CWE-862
Missing Authorization
CVE-2019-10206
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.21% / 43.95%
||
7 Day CHG-0.02%
Published-22 Nov, 2019 | 00:00
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-ansibledebian_linuxbackports_sleleapAnsible
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-2588
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2018-1305
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-17.66% / 94.84%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxtomcatfusion_middlewaremanaged_file_transfermicros_relate_crm_softwareApache Tomcat
CVE-2018-12564
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.81%
||
7 Day CHG~0.00%
Published-19 Jun, 2018 | 05:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.

Action-Not Available
Vendor-linaron/aDebian GNU/Linux
Product-debian_linuxlavan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-43332
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.19%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 20:45
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-mailmandebian_linuxn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-42096
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.27%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 00:40
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-mailmandebian_linuxn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2018-0504
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 83.85%
||
7 Day CHG~0.00%
Published-04 Oct, 2018 | 20:00
Updated-17 Sep, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in Special:Redirect/logid

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

Action-Not Available
Vendor-Debian GNU/LinuxWikimedia Foundation
Product-debian_linuxmediawikimediawiki
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-7650
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.65% / 69.77%
||
7 Day CHG~0.00%
Published-11 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.

Action-Not Available
Vendor-Eclipse Foundation AISBLDebian GNU/Linux
Product-debian_linuxmosquittoMosquitto
CWE ID-CWE-287
Improper Authentication
CVE-2017-6922
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-22 Jan, 2019 | 15:00
Updated-16 Sep, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

Action-Not Available
Vendor-Debian GNU/LinuxThe Drupal Association
Product-debian_linuxdrupalDrupal Core
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-32672
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 17:40
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in Lua Debugger in Redis

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Action-Not Available
Vendor-Red Hat, Inc.Redis Inc.Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-communications_operations_monitordebian_linuxsoftware_collectionsmanagement_services_for_netapp_hcifedoraenterprise_linuxredismanagement_services_for_element_softwareredis
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-16790
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 71.64%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a "FileType" is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, "file:///etc/passwd"). If the application did not perform any additional checks about the value submitted to the "FileType", the contents of the given file on the server could have been exposed to the attacker.

Action-Not Available
Vendor-sensiolabsn/aDebian GNU/Linux
Product-debian_linuxsymfonyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29447
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-89.76% / 99.54%
||
7 Day CHG+1.03%
Published-15 Apr, 2021 | 21:10
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Authenticated XXE attack when installation is running PHP 8

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Action-Not Available
Vendor-WordPressDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxwordpress-develop
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2012-4430
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.61% / 68.70%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

Action-Not Available
Vendor-baculan/aDebian GNU/Linux
Product-baculadebian_linuxn/a
CVE-2017-12197
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 21:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

Action-Not Available
Vendor-libpam4j_projectDebian GNU/LinuxRed Hat, Inc.
Product-libpam4jdebian_linuxenterprise_linuxlibpam4j
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23648
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-6.17% / 90.46%
||
7 Day CHG+1.53%
Published-03 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure handling of image volumes in containerd CRI plugin

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.

Action-Not Available
Vendor-containerdDebian GNU/LinuxFedora ProjectThe Linux Foundation
Product-containerddebian_linuxfedoracontainerd
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-23634
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8||HIGH
EPSS-0.40% / 60.03%
||
7 Day CHG+0.03%
Published-11 Feb, 2022 | 21:40
Updated-23 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure when using Puma with Rails

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.

Action-Not Available
Vendor-Fedora ProjectPumaDebian GNU/LinuxRuby on Rails
Product-pumadebian_linuxfedorarailspuma
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-23633
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of sensitive information in Action Pack

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

Action-Not Available
Vendor-Debian GNU/LinuxRuby on Rails
Product-debian_linuxrailsrails
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-23607
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.91%
||
7 Day CHG+0.12%
Published-01 Feb, 2022 | 11:01
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe handling of user-specified cookies in treq

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain., e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade Instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.

Action-Not Available
Vendor-twistedmatrixtwistedDebian GNU/Linux
Product-debian_linuxtreqtreq
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2010-4074
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.07% / 23.20%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4079
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.07% / 23.20%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4072
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4073
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.24% / 47.20%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3875
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.77%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4080
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-30 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3298
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3296
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2226
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncCanonical Ltd.Debian GNU/Linux
Product-linux_kernelubuntu_linuxdebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-26049
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.4||LOW
EPSS-0.26% / 49.48%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:35
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Eclipse Foundation AISBL
Product-debian_linuxe-series_santricity_unified_managere-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_web_servicesjettyjetty.project
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2450
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.79%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 20:06
Updated-07 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.

Action-Not Available
Vendor-shibbolethn/aDebian GNU/Linux
Product-service_providerdebian_linuxn/a
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2531
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-4.86% / 89.15%
||
7 Day CHG~0.00%
Published-20 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe PHP Group
Product-phpdebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-21712
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.57%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 00:00
Updated-23 Apr, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cookie and header exposure in twisted

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Action-Not Available
Vendor-twistedtwistedFedora ProjectDebian GNU/Linux
Product-debian_linuxtwistedfedoratwisted
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-346
Origin Validation Error
CVE-2010-0003
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-26 Jan, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-5045
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.87% / 82.36%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 19:51
Updated-07 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dump Servlet information leak in jetty before 6.1.22.

Action-Not Available
Vendor-n/aDebian GNU/LinuxEclipse Foundation AISBL
Product-debian_linuxjettyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 24
  • 25
  • Next
Details not found