| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129. |
| Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. |
| AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. |
| Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. |
| The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. |
| The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. |
| An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. |
| IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. |
| OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter. |
| Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079. |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290. |
| IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. |
| OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. |
| In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. |
| In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." |
