| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. |
| Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. |
| mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611. |
| The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. |
| The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. |
| The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. |
| The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. |
| The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. |
| The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors. |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. |
| The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. |
| The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. |
| Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. |
| Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. |
| The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. |
| ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. |