Vulnerability Details: CVE-2016-1550

Summary
Assigner: certcc
Assigner Org ID: 37e5125f-f79b-445b-8fad-9564f167944b
Published At: 06 Jan, 2017 | 21:00
Updated At: 05 Aug, 2024 | 23:02

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)


Affected Products
Vendor: NTP Project
Product: NTP
Versions affected:
  • 4.2.8p3
  • 4.2.8p4

Vendor: NTPsec Project
Product: NTPSec
Versions affected:
  • a5fb34b9cc89b92a8fef2f459004865c93bb7f92
Problem Types
Type: text
CWE ID: N/A
Description: unspecified
References
Hyperlink / Resource
http://www.ubuntu.com/usn/USN-3096-1
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2016/dsa-3629
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1141
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
vendor-advisory
x_refsource_SUSE
https://www.kb.cert.org/vuls/id/718152
third-party-advisory
x_refsource_CERT-VN
http://rhn.redhat.com/errata/RHSA-2016-1552.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1035705
vdb-entry
x_refsource_SECTRACK
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20171004-0002/
x_refsource_CONFIRM
http://www.talosintelligence.com/reports/TALOS-2016-0084/
x_refsource_MISC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
vendor-advisory
x_refsource_CISCO
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
vendor-advisory
x_refsource_FREEBSD
http://www.securityfocus.com/bid/88261
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
vendor-advisory
x_refsource_SUSE
http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
vendor-advisory
x_refsource_SUSE
https://www.debian.org/security/2016/dsa-3629
vendor-advisory
x_refsource_DEBIAN
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084
x_refsource_MISC
http://www.securityfocus.com/archive/1/538233/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
vendor-advisory
x_refsource_FEDORA
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
x_refsource_MISC
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
x_refsource_MISC
National Vulnerability Database (NVD)
nvd.nist.gov
Source: cret@cert.org
Published At: 06 Jan, 2017 | 21:59
Updated At: 06 May, 2026 | 22:30


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
References
The NVD entry lists the same hyperlinks as the CNA reference list above, each under the sources cret@cert.org and af854a3a-2127-422b-91ae-364da2661108 with Resource N/A, except for:
Hyperlink: http://www.talosintelligence.com/reports/TALOS-2016-0084/
Resource: Technical Description, Third Party Advisory


Similar CVEs

2773 records found

CVE-2018-1387
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.61%
7 Day CHG~0.00%
Published-08 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210.

Action-Not Available
Vendor-IBM Corporation
Product-application_performance_managementcloud_apm_data_collectormonitoringMonitoring
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6474
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-0.53% / 67.47%
7 Day CHG~0.00%
Published-25 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code.

Action-Not Available
Vendor-ibc_solarn/a
Product-danfoss_tlx_pro\+servemaster_tlp\+n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1438
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.55%
7 Day CHG~0.00%
Published-17 May, 2018 | 21:00
Updated-05 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spectrum_virtualizestorwize_v3500_firmwarestorwize_v3500spectrum_virtualize_for_public_cloudstorwize_v5000_firmwarestorwize_v7000_firmwarestorwize_v3700_firmwarestorwize_v7000storwize_v9000_firmwarestorwize_v3700storwize_v5000san_volume_controllersan_volume_controller_firmwarestorwize_v9000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4283
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5713
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.49% / 65.82%
7 Day CHG~0.00%
Published-28 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-spotfire_analytics_platform_for_awsspotfire_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4741
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.

Action-Not Available
Vendor-n/aRed Hat, Inc.Microsoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindowsenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4738
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.27%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files.

Action-Not Available
Vendor-n/aRed Hat, Inc.Microsoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindowsenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4759
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1398
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.15%
7 Day CHG~0.00%
Published-20 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4767
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4751
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Action-Not Available
Vendor-smartertoolsn/a
Product-smarterstatsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5858
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.50% / 66.00%
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_oswatchosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4279
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6276
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.17% / 37.42%
7 Day CHG~0.00%
Published-05 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_system_software_ixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-14702
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.56%
7 Day CHG~0.00%
Published-03 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.

Action-Not Available
Vendor-drobon/a
Product-5n2_firmware5n2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-32741
Matching Score-4
Assigner-OTRS AG
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 58.43%
7 Day CHG~0.00%
Published-13 Jun, 2022 | 08:01
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in Request New Password feature

Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.

Action-Not Available
Vendor-OTRS AG
Product-otrsOTRS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4760
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4728
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.27%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

Action-Not Available
Vendor-n/aRed Hat, Inc.Microsoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindowsenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4731
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files.

Action-Not Available
Vendor-n/aRed Hat, Inc.Microsoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindowsenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-13897
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.27%
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clients hostname gets added to DNS record on device which is running dnsmasq resulting in an information exposure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_855sd_730_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_415sd_616sd_670_firmwaresdm660sdm630mdm9607_firmwaresd_615mdm9650sd_636sd_650_firmwaresd_710_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_636_firmwaresd_650sd_820_firmwaresd_820sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_730sd_212_firmwaresd_625_firmwaresd_855_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaremdm9206_firmwareqcs605sd_670sd_835_firmwaremdm9650_firmwaresd_710sd_835sd_205sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresdm660_firmwaresd_212mdm9640Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4937
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.01% / 2.31%
7 Day CHG-0.01%
Published-04 Feb, 2020 | 12:18
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla!
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4756
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.27%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4737
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.27%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/.

Action-Not Available
Vendor-n/aRed Hat, Inc.Microsoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindowsenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4597
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.69% / 71.81%
7 Day CHG~0.00%
Published-15 Dec, 2011 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5730
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.54% / 92.91%
7 Day CHG~0.00%
Published-09 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6586
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.24%
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-wlan_ac6005_firmwarewlan_ac6005wlan_ac6605_firmwarewlan_acu2_firmwarewlan_acu2wlan_ac6605n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-5126
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.24% / 47.68%
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file.

Action-Not Available
Vendor-bluecoatn/a
Product-sgosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6411
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.51% / 66.47%
7 Day CHG~0.00%
Published-15 Dec, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-14642
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.71% / 72.31%
7 Day CHG~0.00%
Published-18 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformundertowenterprise_linuxundertow
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31308
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.40%
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:09
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-aerial_x_1200maerial_x_1200m_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31309
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.68%
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:09
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-aerial_x_1200maerial_x_1200m_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-13860
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.15%
7 Day CHG~0.00%
Published-17 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request.

Action-Not Available
Vendor-trivumn/a
Product-c4_professional_firmwarec4_professionaln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4748
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files.

Action-Not Available
Vendor-n/aParallels International GmbhRed Hat, Inc.
Product-parallels_plesk_panelenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5490
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.42% / 61.84%
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.

Action-Not Available
Vendor-views_projectn/a
Product-viewsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4143
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.69%
7 Day CHG~0.00%
Published-27 Jan, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-envisionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-13991
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.32%
7 Day CHG~0.00%
Published-07 May, 2019 | 17:24
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

Action-Not Available
Vendor-n/a; Phoenix Contact GmbH & Co. KG
Product-fl_switch_4808e-16fx_sm-4gc; fl_switch_3004t-fx_st_firmware; fl_switch_4808e-16fx_lc-4gc; fl_switch_3006t-2fx_sm_firmware; fl_switch_4008t-2gt-4fx_sm; fl_switch_3016_firmware; fl_switch_3016t; fl_switch_4008t-2gt-3fx_sm_firmware; fl_switch_4808e-16fx_sm_st-4gc; fl_switch_3004t-fx_st; fl_switch_3016; fl_switch_4808e-16fx-4gc_firmware; fl_switch_3005t; fl_switch_4808e-16fx-4gc; fl_switch_4012t-2gt-2fx_st; fl_switch_3012e-2sfx_firmware; fl_switch_3004t-fx; fl_switch_4824e-4gc; fl_switch_3005t_firmware; fl_switch_3008t_firmware; fl_switch_4824e-4gc_firmware; fl_switch_4808e-16fx_st-4gc_firmware; fl_switch_4008t-2sfp; fl_switch_3008; fl_switch_4012t_2gt_2fx; fl_switch_3012e-2fx_sm_firmware; fl_switch_3004t-fx_firmware; fl_switch_3006t-2fx_st; fl_switch_4808e-16fx_sm_lc-4gc_firmware; fl_switch_3006t-2fx_st_firmware; fl_switch_3006t-2fx_firmware; fl_switch_4008t-2gt-3fx_sm; fl_switch_4800e-24fx_sm-4gc; fl_switch_4800e-24fx_sm-4gc_firmware; fl_switch_4808e-16fx_sm_st-4gc_firmware; fl_switch_4008t-2gt-4fx_sm_firmware; fl_switch_4012t_2gt_2fx_firmware; fl_switch_4808e-16fx_lc-4gc_firmware; fl_switch_3016t_firmware; fl_switch_3016e; fl_switch_3006t-2fx; fl_switch_3008_firmware; fl_switch_3012e-2sfx; fl_switch_4000t-8poe-2sfp-r; fl_switch_4008t-2sfp_firmware; fl_switch_4012t-2gt-2fx_st_firmware; fl_switch_3005; fl_switch_4808e-16fx_st-4gc; fl_switch_4808e-16fx_sm_lc-4gc; fl_switch_4800e-24fx-4gc; fl_switch_4808e-16fx_sm-4gc_firmware; fl_switch_4000t-8poe-2sfp-r_firmware; fl_switch_3016e_firmware; fl_switch_3008t; fl_switch_3006t-2fx_sm; fl_switch_4800e-24fx-4gc_firmware; fl_switch_3012e-2fx_sm; fl_switch_3005_firmware; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4284
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.

Action-Not Available
Vendor-n/a; Moodle Pty Ltd
Product-moodle; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3785
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.

Action-Not Available
Vendor-phppointofsale; n/a
Product-php_point_of_sale; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3765
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.98%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files.

Action-Not Available
Vendor-open-realty; n/a
Product-open-realty; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3242
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.30% / 53.38%
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Action-Not Available
Vendor-n/a; Apple Inc.
Product-safari; mac_os_x; mac_os_x_server; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3653
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 46.19%
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

Action-Not Available
Vendor-n/a; Mozilla Corporation; Apple Inc.
Product-thunderbird; firefox; mac_os_x; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3815
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.34%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.

Action-Not Available
Vendor-webidsupport; n/a
Product-webid; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6135
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-8.46% / 92.41%
7 Day CHG~0.00%
Published-09 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/a; Microsoft Corporation
Product-internet_explorer; vbscript; jscript; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3696
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.82%
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files.

Action-Not Available
Vendor-60cyclecms_project; n/a
Product-60cyclecms; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3769
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.98%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php.

Action-Not Available
Vendor-blondish; n/a
Product-phpads; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3715
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-23 Sep, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClanTiger 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/statistics.php and certain other files.

Action-Not Available
Vendor-clantiger; n/a
Product-clantiger; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3790
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.

Action-Not Available
Vendor-n/a; Piwigo
Product-piwigo; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-32192
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.81%
7 Day CHG~0.00%
Published-13 Jun, 2022 | 22:15
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

Action-Not Available
Vendor-n/a; Couchbase, Inc.
Product-couchbase_server; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3800
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.

Action-Not Available
Vendor-s9y; n/a
Product-serendipity; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3792
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.65%
7 Day CHG~0.00%
Published-24 Sep, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files.

Action-Not Available
Vendor-pixelpost; n/a
Product-pixelpost; n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor