Filtered by CWE-200
Total 10719 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5752 1 Netiq 1 Access Manager 2025-04-20 N/A
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.
CVE-2016-5810 1 Advantech 1 Webaccess 2025-04-20 N/A
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
CVE-2016-5893 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
CVE-2016-6080 1 Ibm 1 Websphere Message Broker 2025-04-20 N/A
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
CVE-2016-6094 1 Ibm 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
CVE-2016-6116 1 Ibm 1 Security Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2015-8628 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
CVE-2014-2960 1 Visioncritical 1 Vision Critical 2025-04-20 N/A
Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.
CVE-2014-8174 1 Redhat 1 Edeploy 2025-04-20 N/A
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
CVE-2022-20591 1 Google 1 Android 2025-04-18 5.5 Medium
In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A
CVE-2022-3917 1 Motorola 2 Moto E20, Moto E20 Firmware 2025-04-17 4.6 Medium
Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.
CVE-2024-46987 1 Tuzitio 1 Camaleon Cms 2025-04-17 7.7 High
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-26309 1 Libming 1 Libming 2025-04-17 6.5 Medium
A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
CVE-2025-26310 1 Libming 1 Libming 2025-04-17 6.5 Medium
Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file.
CVE-2022-42839 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-17 3.3 Low
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.
CVE-2022-26423 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2022-1070 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2022-41964 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 5.7 Medium
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.
CVE-2022-23490 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 4.3 Medium
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
CVE-2022-23488 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 6.5 Medium
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds.