Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4397 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2019-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239 | |||||
| CVE-2017-16355 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2019-10-28 | 1.2 LOW | 4.7 MEDIUM |
| In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | |||||
| CVE-2011-1015 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | |||||
| CVE-2017-8087 | 1 Avm | 2 Fritz\!box 7490, Fritz\!os | 2019-10-24 | 2.1 LOW | 2.4 LOW |
| Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. | |||||
| CVE-2014-8775 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 5.0 MEDIUM | N/A |
| MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2019-12708 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device. | |||||
| CVE-2013-7400 | 1 Dkd | 1 Direct Mail | 2019-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | |||||
| CVE-2015-9488 | 1 Almera Responsive Portfolio Site Template Project | 1 Almera Responsive Portfolio Site Template | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9487 | 1 Almera Responsive Portfolio Project | 1 Almera Responsive Portfolio | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9489 | 1 Goodnex Premium Responsive Project | 1 Goodnex Premium Responsive | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9491 | 1 Blessing Premium Responsive Project | 1 Blessing Premium Responsive | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9490 | 1 Gamestheme Premium Project | 1 Gamestheme Premium | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9486 | 1 Axioma Premium Responsive Project | 1 Axioma Premium Responsive | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9484 | 1 Accio One Page Parallax Responsive Theme Project | 1 Accio One Page Parallax Responsive Theme | 2019-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9481 | 1 Diplomat \| Political Project | 1 Diplomat \| Political | 2019-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2015-9482 | 1 Car Dealer \/ Auto Dealer Responsive Project | 1 Car Dealer \/ Auto Dealer Responsive | 2019-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2019-10-17 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2019-2183 | 1 Google | 1 Android | 2019-10-16 | 2.1 LOW | 5.5 MEDIUM |
| In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465 | |||||
| CVE-2015-9492 | 1 Smartit Premium Responsive Project | 1 Smartit Premium Responsive | 2019-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2019-1334 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | |||||