Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts).
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions.
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`.
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.
salt before 2015.5.5 leaks git usernames and passwords to the log.
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value meta data can be determined, despite the field or list having `read` access control configured. If you use private fields or lists, you may be impacted. No patches exist at this time. There are no workarounds at this time
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL with an HTML image tag and the MuWire client would try to fetch that image via clearnet, thus exposing the IP address of the user. The problem is fixed in MuWire 0.8.8. As a workaround, users can disable messaging functionality to prevent other users from sending them malicious messages.
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts).
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.