2024

2023

2022

2021

2020

CVE-2020-12120 (v3: 7.5) 27 Apr 2020
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.

2019

CVE-2019-15330 (v3: 7.5) 22 Aug 2019
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.

2018

CVE-2018-1644 (v3: 4.3) 27 Aug 2018
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.

2017

CVE-2017-1346 (v3: 2.5) 25 Sep 2017
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.
CVE-2017-3743 (v3: 7.5) 20 Jun 2017
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

2016

CVE-2016-10533 (v3: 8.8) 31 May 2018
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.
CVE-2016-1992 (v3: 6.5) 17 Mar 2016
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

2015

CVE-2015-8393 (v2: 5) 2 Dec 2015
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
CVE-2015-6261 (v2: 4) 26 Aug 2015
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
CVE-2015-4314 (v2: 4) 20 Aug 2015
The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422.
CVE-2015-4320 (v2: 4) 20 Aug 2015
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
CVE-2015-1883 (v2: 4) 20 Jul 2015
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.
CVE-2015-3319 (v2: 5) 16 Apr 2015
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2015-0136 (v2: 2.1) 24 Mar 2015
powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.