| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). |
| A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event. |
| An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic. |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app. |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action. |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions. |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message. |
| An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. |
| The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. |
| jasypt before 1.9.2 allows a timing attack against the password hash comparison. |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. |
| Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. |
| GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. |
| GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. |
