ReportizFlow
Filtered by vendor
Subscriptions
Total
10146 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-3043 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | ||||
| CVE-2017-17104 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | ||||
| CVE-2017-16804 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | ||||
| CVE-2017-7531 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.3, the course overview block reveals activities in hidden courses. | ||||
| CVE-2017-16673 | 1 Datto | 1 Backup Agent | 2025-04-20 | N/A |
| Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto." | ||||
| CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2025-04-20 | N/A |
| In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | ||||
| CVE-2022-20591 | 1 Google | 1 Android | 2025-04-18 | 5.5 Medium |
| In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A | ||||
| CVE-2022-44589 | 1 Miniorange | 1 Google Authenticator | 2025-04-17 | 8.1 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1. | ||||
| CVE-2022-3917 | 1 Motorola | 2 Moto E20, Moto E20 Firmware | 2025-04-17 | 4.6 Medium |
| Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data. | ||||
| CVE-2024-46987 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-17 | 7.7 High |
| Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-26309 | 1 Libming | 1 Libming | 2025-04-17 | 6.5 Medium |
| A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. | ||||
| CVE-2025-26310 | 1 Libming | 1 Libming | 2025-04-17 | 6.5 Medium |
| Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file. | ||||
| CVE-2022-42839 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-17 | 3.3 Low |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information. | ||||
| CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2022-1070 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2022-41964 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 5.7 Medium |
| BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds. | ||||
| CVE-2022-23490 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 4.3 Medium |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds. | ||||
| CVE-2022-23488 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 6.5 Medium |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds. | ||||
| CVE-2022-46310 | 1 Huawei | 1 Harmonyos | 2025-04-17 | 7.5 High |
| The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2025-31492 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-04-17 | 7.5 High |
| mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11. | ||||