Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-9368

Summary
Assigner-blackberry
Assigner Org ID-dbe78b00-5e7b-4fda-8748-329789ecfc5c
Published At-16 Oct, 2017 | 21:00
Updated At-17 Sep, 2024 | 03:37
Rejected At-
Credits

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:blackberry
Assigner Org ID:dbe78b00-5e7b-4fda-8748-329789ecfc5c
Published At:16 Oct, 2017 | 21:00
Updated At:17 Sep, 2024 | 03:37
Rejected At:
▼CVE Numbering Authority (CNA)

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

Affected Products
Vendor
BlackBerry LimitedBlackBerry
Product
Workspaces Server
Versions
Affected
  • BlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6, and vApp versions 5.5.9 and earlier
Problem Types
TypeCWE IDDescription
textN/AInformation disclosure
Type: text
CWE ID: N/A
Description: Information disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96542
vdb-entry
x_refsource_BID
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/96542
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/96542
vdb-entry
x_refsource_BID
x_transferred
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96542
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@blackberry.com
Published At:16 Oct, 2017 | 21:29
Updated At:20 Apr, 2025 | 01:37

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.0
cpe:2.3:a:blackberry:workspaces_vapp:5.5.0:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.1
cpe:2.3:a:blackberry:workspaces_vapp:5.5.1:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.2
cpe:2.3:a:blackberry:workspaces_vapp:5.5.2:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.3
cpe:2.3:a:blackberry:workspaces_vapp:5.5.3:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.4
cpe:2.3:a:blackberry:workspaces_vapp:5.5.4:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.5
cpe:2.3:a:blackberry:workspaces_vapp:5.5.5:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.6
cpe:2.3:a:blackberry:workspaces_vapp:5.5.6:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.7
cpe:2.3:a:blackberry:workspaces_vapp:5.5.7:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.8
cpe:2.3:a:blackberry:workspaces_vapp:5.5.8:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.5.9
cpe:2.3:a:blackberry:workspaces_vapp:5.5.9:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.0
cpe:2.3:a:blackberry:workspaces_vapp:5.6.0:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.1
cpe:2.3:a:blackberry:workspaces_vapp:5.6.1:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.2
cpe:2.3:a:blackberry:workspaces_vapp:5.6.2:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.3
cpe:2.3:a:blackberry:workspaces_vapp:5.6.3:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.4
cpe:2.3:a:blackberry:workspaces_vapp:5.6.4:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.5
cpe:2.3:a:blackberry:workspaces_vapp:5.6.5:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_vapp>>5.6.6
cpe:2.3:a:blackberry:workspaces_vapp:5.6.6:*:*:*:*:*:*:*
BlackBerry Limited
blackberry
>>workspaces_appliance-x>>Versions up to 1.11.2(inclusive)
cpe:2.3:a:blackberry:workspaces_appliance-x:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696secure@blackberry.com
Vendor Advisory
http://www.securityfocus.com/bid/96542secure@blackberry.com
Third Party Advisory
VDB Entry
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/96542af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
Source: secure@blackberry.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/96542
Source: secure@blackberry.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/96542
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2763Records found

CVE-2021-30169
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.94% / 75.31%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 09:30
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-2

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

Action-Not Available
Vendor-meritlilinMERIT LILIN ENT.CO.,LTD.
Product-p2g1022x_firmwarep2r8822e4_firmwarep3r6322e2_firmwarez2r6422ax-pz3r6422x3z2r6452ax-pp3r8822e2z2r8152x2-p_firmwarep2r6522e2_firmwarez2r8852ax_firmwarep2r6822e2p2g1022z2r8152x-pp3r6522e2_firmwarez2r6522xz2r8152x2-pp2r6852e4p2g1022_firmwarep2r8852e2z2r6422axz3r8922x3p2r6322ae2p2r6852e2_firmwarep2r6522e4p2r6352ae2_firmwarez2r8852axp2r8852e4_firmwarep2r6322ae2_firmwarez2r8822ax_firmwarez2r6522x_firmwarep2g1022xz3r6422x3_firmwarep2r6522e2z2r8122x2-pp2r6822e4p2r6552e4_firmwarez2r8022ex25z2r8052ex25z2r8822axp2r8822e2p2r6552e2z2r8122x-p_firmwarez2r6422ax-p_firmwarep2r6552e2_firmwarez2r6422ax_firmwarep2r6352ae4_firmwarez2r6552xp2r8852e2_firmwarez2r6552x_firmwarez2r8152x-p_firmwarez2r6452axp2r3052ae2_firmwarep2g1052_firmwarez2r8122x-pp2r6852e2p2r3022ae2_firmwarep2r3052ae2p2r6322ae4_firmwarep3r6322e2p2r6822e2_firmwarep2r8822e2_firmwarez2r6452ax_firmwarep2r6352ae2z2r8022ex25_firmwarep2r6322ae4p2r3022ae2p3r6522e2z3r6522xp2r8822e4p2r6852e4_firmwarep2r6552e4z3r6522x_firmwarep3r8822e2_firmwarep2g1052p2r8852e4z2r8122x2-p_firmwarep2r6822e4_firmwarep2r6522e4_firmwarez2r6452ax-p_firmwarez3r8922x3_firmwarep2r6352ae4z2r8052ex25_firmwareP2/Z2/P3/Z3 IP camera firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2016-10406
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 835, while printing debug message of a pointer in wlan_qmi_err_cb, the real kernel address will be printed regardless of the kptr_restrict system settings.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_412sd_808_firmwaresd_415sd_616sd_430_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaresd_210sd_820_firmwaresd_820sd_650sd_808sd_450_firmwaresd_410sd_617sd_652sd_212_firmwaresd_625_firmwaresd_450sd_412_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaresd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 62.92%
||
7 Day CHG~0.00%
Published-10 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree.

Action-Not Available
Vendor-inventivetecn/a
Product-mediacastn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-17321
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.40%
||
7 Day CHG~0.00%
Published-30 Oct, 2019 | 20:42
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.

Action-Not Available
Vendor-clipsoftClipSoft
Product-rexpertREXPERT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2059
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-22 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-19022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.23%
||
7 Day CHG~0.00%
Published-17 Nov, 2019 | 10:59
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.

Action-Not Available
Vendor-iterm2n/a
Product-iterm2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-47.94% / 97.64%
||
7 Day CHG~0.00%
Published-16 Feb, 2016 | 15:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-30||Apply updates per vendor instructions.

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_application_server_javan/aNetWeaver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2042
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-22 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ciscoworks_common_servicesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-34.27% / 96.84%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.

Action-Not Available
Vendor-zonemindern/a
Product-zonemindern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18287
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-27434
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 13:42
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

Action-Not Available
Vendor-unified-automationn/aMicrosoft Corporation
Product-.net_framework.net_based_opc_ua_client\/server_sdkOPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2011-1672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:29
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.

Action-Not Available
Vendor-n/aDell Inc.
Product-kace_k2000_systems_deployment_appliancen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.10%
||
7 Day CHG~0.00%
Published-29 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1725
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.04% / 76.59%
||
7 Day CHG~0.00%
Published-27 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_automationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-28169
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-5.3||MEDIUM
EPSS-92.09% / 99.70%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 01:55
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationDebian GNU/Linux
Product-management_services_for_element_softwaredebian_linuxrest_data_servicesactive_iq_unified_managerhcisnap_creator_frameworkcommunications_cloud_native_core_policyjettyEclipse Jetty
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1647
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-31 May, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wrvs4400n_softwarewrvs4400nrvs4000_softwarervs4000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2117
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.15%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelvm_serverubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-28164
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-5.3||MEDIUM
EPSS-93.48% / 99.82%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 14:20
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Eclipse Foundation AISBL
Product-virtual_storage_consolesiebel_core_-_automationbanking_digital_experiencee-series_performance_analyzercommunications_session_route_managersnapcenter_plug-inautovue_for_agile_product_lifecycle_managementcloud_managersnapcenterbanking_apisstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerelement_plug-in_for_vcenter_servervasa_provider_for_clustered_data_ontape-series_santricity_web_servicessantricity_cloud_connectorjettyEclipse Jetty
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.86%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

Action-Not Available
Vendor-n/aF-Secure Corporation
Product-policy_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1225
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 72.15%
||
7 Day CHG-0.25%
Published-19 Jun, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-internet_securityn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1864
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 66.96%
||
7 Day CHG-0.04%
Published-19 Jun, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.

Action-Not Available
Vendor-pivotxn/a
Product-pivotxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0890
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.74% / 72.02%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsdiscovery\&dependency_mapping_inventoryn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.34%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-pivotxn/a
Product-pivotxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1357
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.58%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cisco_policy_suiten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-26923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.76%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 14:40
Updated-07 Aug, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.

Action-Not Available
Vendor-argoprojn/a
Product-argo_cdn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0231
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.06%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.56% / 84.94%
||
7 Day CHG~0.00%
Published-28 Jan, 2011 | 20:29
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1427
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.23%
||
7 Day CHG-0.31%
Published-18 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_network_registrarn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2021-26593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.09%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 18:57
Updated-03 Aug, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-rangerstudion/a
Product-directusn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.38%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-macoschromen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0579
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.76%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.89% / 74.63%
||
7 Day CHG~0.00%
Published-01 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/acoldfusion
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.55% / 97.90%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

Action-Not Available
Vendor-vanillaforumsn/a
Product-vanillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4349
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.63% / 93.01%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)
Product-mantisbtn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10423
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, when a Trusted Application has opened the SPI interface to a particular device, it is possible for another Trusted Application to read the data on this open interface due to non-exclusive access of the SPI bus.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_652sd_425_firmwaresd_820asd_625_firmwaresd_450sd_425sd_430_firmwaresd_430sd_625sd_820_firmwaresd_820sd_650sd_450_firmwaresd_652_firmwaresd_820a_firmwaresd_650_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.62%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.26%
||
7 Day CHG~0.00%
Published-11 Jan, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."

Action-Not Available
Vendor-monon/a
Product-monon/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.40% / 84.47%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.

Action-Not Available
Vendor-n/aSiemens AG
Product-siprotec_compact_model_7sj80siprotec_compact_model_7sk80siprotec_4_en100siprotec_compact_model_7rw80siprotec_firmwaresiprotec_compact_model_7sj81siprotec_compact_model_7sk81siprotec_compact_model_7sd80siprotec_compact_model_en100n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-25376
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.1||LOW
EPSS-0.25% / 47.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:39
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-emailSamsung Email
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-662
Improper Synchronization
CVE-2019-16908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.86%
||
7 Day CHG~0.00%
Published-01 Nov, 2019 | 11:30
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.

Action-Not Available
Vendor-infosystan/a
Product-in-app_\&_desktop_notificationsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4401
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.96% / 89.25%
||
7 Day CHG~0.00%
Published-04 Dec, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Action-Not Available
Vendor-dynpgn/a
Product-dynpgn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4563
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 50.61%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-25426
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4403
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.86%
||
7 Day CHG~0.00%
Published-04 Dec, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.

Action-Not Available
Vendor-devbitsn/aWordPress.org
Product-wordpressregister-plusn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.11% / 89.43%
||
7 Day CHG~0.00%
Published-07 Apr, 2011 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

Action-Not Available
Vendor-enanocmsn/a
Product-enano_cmsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1079
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.55%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-5188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.71%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php.

Action-Not Available
Vendor-n/aSilverstripe
Product-silverstripen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-25118
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-27.36% / 96.23%
||
7 Day CHG~0.00%
Published-28 Feb, 2022 | 09:06
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Action-Not Available
Vendor-yoastUnknown
Product-yoast_seoYoast SEO
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.79% / 72.88%
||
7 Day CHG~0.00%
Published-12 Oct, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 55
  • 56
  • Next
Details not found