Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-54137

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-06 Dec, 2024 | 16:00
Updated At-10 Dec, 2024 | 16:10
Rejected At-
Credits

liboqs has a correctness error in HQC decapsulation

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:06 Dec, 2024 | 16:00
Updated At:10 Dec, 2024 | 16:10
Rejected At:
▼CVE Numbering Authority (CNA)
liboqs has a correctness error in HQC decapsulation

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.

Affected Products
Vendor
open-quantum-safe
Product
liboqs
Versions
Affected
  • < 0.12.0
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
x_refsource_CONFIRM
https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24
x_refsource_MISC
Hyperlink: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
open_quantum_safe
Product
liboqs
CPEs
  • cpe:2.3:a:open_quantum_safe:liboqs:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 0.12.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:06 Dec, 2024 | 16:15
Updated At:20 Aug, 2025 | 19:07

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
openquantumsafe
openquantumsafe
>>liboqs>>Versions before 0.12.0(exclusive)
cpe:2.3:a:openquantumsafe:liboqs:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity-advisories@github.com
CWE ID: CWE-200
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24security-advisories@github.com
Patch
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7security-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

838Records found
CVE-2024-34991
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.15%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-n/aquadra_informatique
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0725
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 14:00
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.

Action-Not Available
Vendor-keepassn/aFedora Project
Product-extra_packages_for_enterprise_linuxfedorakeepasskeepass
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-1077
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-3.02% / 86.09%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 05:50
Updated-15 Apr, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TEM FLEX-1080/FLEX-1085 Log information disclosure

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.

Action-Not Available
Vendor-temTEM
Product-flex-1085_firmwareflex-1085flex-1080flex-1080_firmwareFLEX-1080FLEX-1085
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-33309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.85%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.

Action-Not Available
Vendor-n/atvs_motor_company
Product-n/aconnectios
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-3305
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 13:03
Updated-19 Sep, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure in Utarit Information's SoliClub

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

Action-Not Available
Vendor-utaritUtarit Informationutarit
Product-soliclubSoliClubsoliclub
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-30472
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.28% / 78.76%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 11:11
Updated-09 Oct, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-thinostelemetry_dashboardWyse 5070 Thin Client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0281
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-34.18% / 96.83%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 11:10
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32100
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 68.50%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 09:22
Updated-07 Feb, 2025 | 02:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.

Action-Not Available
Vendor-Sandhills Development, LLC (EasyDigitalDownloads)
Product-easy_digital_downloadsEasy Digital Downloads
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32726
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.16%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 07:59
Updated-02 Aug, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Frontend Dashboard plugin <= 2.2.2 - Sensitive Data Exposure on PII vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2.

Action-Not Available
Vendor-vinoth06.buffercode
Product-Frontend Dashboardfrontend_dashboard
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32816
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.30%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 07:41
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.

Action-Not Available
Vendor-PickPluginspickplugins
Product-Post Gridpost_grid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32086
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.94%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 17:07
Updated-08 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1.

Action-Not Available
Vendor-AitThemes (TECHNODE)
Product-Citadela Listingcitadela
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32131
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.15%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:18
Updated-21 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through 3.2.82.

Action-Not Available
Vendor-W3 Eden Inc.W3 Eden, Inc.WordPress Download Manager Pro
Product-download_managerDownload Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3167
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.85% / 85.70%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 20:50
Updated-06 Aug, 2024 | 05:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Action-Not Available
Vendor-Canonical Ltd.The PostgreSQL Global Development GroupDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxpostgresqlPostgreSQL
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-29400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.61%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 00:00
Updated-14 May, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.

Action-Not Available
Vendor-n/aRuoyi
Product-ruoyin/aruoyi
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-30571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.99% / 94.91%
||
7 Day CHG+2.05%
Published-03 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6850_firmwarer6850n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-29842
Matching Score-4
Assigner-DirectCyber
ShareView Details
Matching Score-4
Assigner-DirectCyber
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.95%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:48
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user

Action-Not Available
Vendor-CS Technologies Australiacs_technologies
Product-Evolution Controllerevolution_controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2021-45884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 21:31
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.

Action-Not Available
Vendor-braven/aLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowsmacosbravelinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-29843
Matching Score-4
Assigner-DirectCyber
ShareView Details
Matching Score-4
Assigner-DirectCyber
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:48
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels

Action-Not Available
Vendor-CS Technologies Australiacs_technologies
Product-Evolution Controllerevolution_controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2024-29841
Matching Score-4
Assigner-DirectCyber
ShareView Details
Matching Score-4
Assigner-DirectCyber
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.95%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:48
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user

Action-Not Available
Vendor-CS Technologies Australiacs_technologies
Product-Evolution Controllerevolution_controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2016-11059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:20
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd3700r2000_firmwaredgnd3700b_firmwarewndr3700r6220_firmwarec6300wndr4300_firmwared1500r7500_firmwared6200b_firmwared6300_firmwarer6050r7000_firmwarer6220wndr4500d6200bd3600r6300_firmwaredgn2200b_firmwared6300wnr2500_firmwaredgn2200bjwnr2000_firmwarer6700wndr3700_firmwarer7000wnr2000_firmwarewnr3500l_firmwared6000r7500wnr2200_firmwarer7900_firmwareac1450dgn1000_firmwarejr6150_firmwared6200c6300_firmwarer6700_firmwarewnr2000r8000_firmwarer6250jnr1010_firmwared500dgnd3700_firmwared6000_firmwareac1450_firmwarer8000r6100_firmwarer7900wndr3400d500_firmwared3600_firmwarewnr2500wnr1000_firmwared6300b_firmwaredgn2200dgn1000wgr614jnr3300_firmwared6100_firmwarejr6100_firmwarer6100dgnd3700bwgr614_firmwarer6250_firmwared6300br6200_firmwarewndr3400_firmwarejnr3300wnr1000wndr4500_firmwarejwnr2000r6200wnr3500lr2000d6200_firmwaredgn2200_firmwarer6050_firmwared1500_firmwared6100jr6150r6300jnr1010wndr4300jr6100wnr2200n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-11066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 19:23
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45647
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.71%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax80rax15r6120r6220_firmwareac2600ac2400rax50r6900p_firmwarer7960prax45r6260_firmwarer7000_firmwarer6220eax80_firmwarerax20ac2400_firmwarer7350_firmwarer7900pr7200rax20_firmwarer6230r6330r6230_firmwarer7000rax80_firmwareac2100_firmwarer7400r6700v2r6850r6350r7900_firmwareex7000_firmwarer7900p_firmwarer6800_firmwarer8000_firmwarer6700v2_firmwarerax80r6850_firmwarer7450_firmwarer8000rax75ex7000r6900v2r6900pr7900r8000pr6120_firmwarer7200_firmwarer6800r6900v2_firmwarer6260r8000p_firmwarer6330_firmwarerax200r7400_firmwarer7000p_firmwarerax200_firmwarer6350_firmwarer7000pac2100r7450r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerax45_firmwarer7350ac2600_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbr50rbk50rbs50_firmwarerbk50_firmwarerbs50rbr50_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45648
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.1||LOW
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6400_firmwareex6150v2_firmwareex7300_firmwarerbr350_firmwareex6150v2ex7320_firmwareex6410ex6420_firmwareex7300v2_firmwareex6250_firmwarerbk352ex6400v2_firmwareex7300ex6420ex7300v2ex6250lbr1020lbr20_firmwareex6410_firmwarelbr1020_firmwarerbs350_firmwareex6400v2ex6100v2rbr50_firmwarerbr50rbs350ex7700_firmwareex7700lbr20ex7320rbk352_firmwarerbk50rbr350ex6100v2_firmwarerbk50_firmwareex6400n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 49.96%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rs400_firmwarer6400v2r8000r7000r6900pr7900r7000pr6900p_firmwarer6400v2_firmwarer7900_firmwarer7000_firmwarers400r6700v3r6700v3_firmwarer8000_firmwarer7000p_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:28
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk352_firmwarerbk352rbr350_firmwarerbr350rbs350_firmwarerbs350n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:28
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr1000_firmwarexr1000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.9||LOW
EPSS-0.68% / 70.54%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:28
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk352_firmwarerbk352rbr350_firmwarerbr350rbs350_firmwarerbs350n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:29
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-4430
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.10% / 27.51%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 07:31
Updated-12 Jun, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability.

Action-Not Available
Vendor-ortussolutionsOrtus Solutions
Product-coldbox_elixirColdBox Elixir
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-4428
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.7||LOW
EPSS-67.12% / 98.49%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 17:00
Updated-03 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.

Action-Not Available
Vendor-what3wordswhat3words
Product-autosuggestAutosuggest Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 58.97%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 13:08
Updated-04 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced

Action-Not Available
Vendor-emersonn/a
Product-dixell_xweb-500_firmwaredixell_xweb-500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.59%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 17:57
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-diplomat_\|_political_projectn/a
Product-diplomat_\|_politicaln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-2725
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:35
Updated-01 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information vulnerability in the CIGESv2 system

Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application.

Action-Not Available
Vendor-Ciges
Product-CIGESv2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:05
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-smartit_premium_responsive_projectn/a
Product-smartit_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:04
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-blessing_premium_responsive_projectn/a
Product-blessing_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-29517
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.39%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 23:54
Updated-05 Feb, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45475
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.96%
||
7 Day CHG+0.01%
Published-27 Oct, 2022 | 08:40
Updated-17 Sep, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in Yordam Library Information Document Automation Program

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability.

Action-Not Available
Vendor-yordamYordam Informatics Systems
Product-library_automation_systemYordam Library Information Document Automation Program
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.73%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:03
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-goodnex_premium_responsive_projectn/a
Product-goodnex_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.73%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:00
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-accio_responsive_onepage_parallax_site_template_projectn/a
Product-accio_responsive_onepage_parallax_site_templaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45493
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:04
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax35_firmwarerax40rax38rax38_firmwarerax40_firmwarerax35n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-28432
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-93.93% / 99.87%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 20:16
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-12||Apply updates per vendor instructions.
Minio Information Disclosure in Cluster Deployment

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

Action-Not Available
Vendor-miniominioMinIO
Product-miniominioMinIO
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9483
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 17:59
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-invento_\/_architecture_building_agency_template_projectn/a
Product-invento_\/_architecture_building_agency_templaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:01
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-axioma_premium_responsive_projectn/a
Product-axioma_premium_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.59%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:04
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-gamestheme_premium_projectn/a
Product-gamestheme_premiumn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9488
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.59%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:03
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-almera_responsive_portfolio_site_template_projectn/a
Product-almera_responsive_portfolio_site_templaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.59%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 17:58
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-car_dealer_\/_auto_dealer_responsive_projectn/a
Product-car_dealer_\/_auto_dealer_responsiven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-43287
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-89.78% / 99.54%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 11:52
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.

Action-Not Available
Vendor-thoughtworksn/a
Product-gocdn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9484
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.59%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 18:00
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Action-Not Available
Vendor-accio_one_page_parallax_responsive_theme_projectn/a
Product-accio_one_page_parallax_responsive_themen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-42523
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 17:27
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.

Action-Not Available
Vendor-colord_projectn/a
Product-colordcolord
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 16
  • 17
  • Next
Details not found