Vulnerabilities (CVE)

Filtered by CWE-200
Total 7419 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1159 1 Zohocorp 1 Manageengine Password Manager Pro 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
CVE-2019-15580 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.
CVE-2012-6341 1 Netgear 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.
CVE-2019-18335 1 Siemens 1 Sppa-t3000 Application Server 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2008-5083 1 Redhat 1 Jboss Operations Network 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
CVE-2013-1594 1 Vivotek 2 Pt7135, Pt7135 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
CVE-2020-6190 1 Sap 1 Netweaver Application Server Java 2024-02-28 5.0 MEDIUM 5.8 MEDIUM
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.
CVE-2015-2802 4 Hp, Linux, Microsoft and 1 more 6 Asset Manager, Asset Manager Cloudsystem Chargeback, Sitescope and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
CVE-2019-6700 1 Fortinet 1 Fortisiem 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.
CVE-2018-21026 4 Hitachi, Linux, Microsoft and 1 more 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
CVE-2018-1682 1 Ibm 1 Watston Studio Local 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacked could use in further attacks against the system. IBM X-Force ID: 145238.
CVE-2020-9337 1 Golfbuddyglobal 1 Course Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
CVE-2012-1161 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
CVE-2019-14365 1 Intercom 1 Intercom 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).
CVE-2019-10223 3 Kubernetes, Linux, Redhat 3 Kube-state-metrics, Linux Kernel, Openshift Container Platform 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible.
CVE-2019-1472 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-02-28 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.
CVE-2013-4856 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-02-28 2.9 LOW 6.5 MEDIUM
D-Link DIR-865L has Information Disclosure.
CVE-2013-3070 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
CVE-2015-9490 1 Gamestheme Premium Project 1 Gamestheme Premium 2024-02-28 5.0 MEDIUM 7.5 HIGH
The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
CVE-2019-1400 1 Microsoft 2 Office, Office 365 Proplus 2024-02-28 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.