Total: 1326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | |||||
| CVE-2020-13918 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
| CVE-2020-20299 | 1 Weiphp | 1 Weiphp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | |||||
| CVE-2020-11605 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020). | |||||
| CVE-2020-24312 | 1 Webdesi9 | 1 File Manager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. | |||||
| CVE-2019-7404 | 1 Lg | 6 Gamp-7100, Gamp-7100 Firmware, Gapm-7200 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log. | |||||
| CVE-2019-14932 | 1 Humanica | 1 Humatrix 7 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data. | |||||
| CVE-2020-6809 | 1 Mozilla | 1 Firefox | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | |||||
| CVE-2019-15065 | 1 Hinet | 2 Gpon, Gpon Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2020-25209 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | |||||
| CVE-2019-13412 | 1 Hinet | 2 Gpon, Gpon Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2020-0228 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an improper configuration of a recorder related service. Product: Android. Versions: Android SoC. Android ID: A-156333723 | |||||
| CVE-2020-11595 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path. | |||||
| CVE-2020-3761 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ColdFusion 2016 and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the ColdFusion install directory. | |||||
| CVE-2020-12127 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | |||||
| CVE-2019-19693 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus+ Security 2020, Internet Security 2020 and 2 more | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-27180 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | |||||
| CVE-2019-15506 | 1 Kaseya | 1 Virtual System Administrator | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected. | |||||
| CVE-2019-9802 | 1 Mozilla | 1 Firefox | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-9105 | 1 Saet | 3 Tebe Small, Tebe Small Firmware, Webapp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. | |||||
| CVE-2020-9591 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | |||||
| CVE-2019-17643 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. | |||||
| CVE-2019-20695 | 1 Netgear | 6 Srk60, Srk60 Firmware, Srr60 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects SRK60 before 2.3.5.106, SRR60 before 2.3.5.106, and SRS60 before 2.3.5.106. | |||||
| CVE-2020-10578 | 1 Q-cms | 1 Qcms | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | |||||
| CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in the Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view. | |||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | |||||
| CVE-2020-1206 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'. | |||||
| CVE-2019-17646 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. | |||||
| CVE-2019-8998 | 1 Blackberry | 1 Qnx Software Development Platform | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. | |||||
| CVE-2020-14255 | 1 Hcltech | 1 Digital Experience | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | |||||
| CVE-2020-10248 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | |||||
| CVE-2019-17645 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. | |||||
| CVE-2020-15894 | 1 D-link | 2 Dir-816l, Dir-816l Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. | |||||
| CVE-2020-11959 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An unsafe configuration of nginx leads to an information leak in Xiaomi router R3600 ROM before 1.0.50. | |||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | |||||
| CVE-2020-10187 | 1 Doorkeeper Project | 1 Doorkeeper | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. | |||||
| CVE-2019-13666 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 7.4 HIGH |
| Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-8063 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage. | |||||
| CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 7.6 HIGH |
| The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation, allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. | |||||
| CVE-2019-12763 | 1 Securitycamera | 1 Security Camera Cz | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application. | |||||
| CVE-2020-11506 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. | |||||
| CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
| CVE-2020-10854 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). | |||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | |||||
| CVE-2020-1940 | 1 Apache | 1 Jackrabbit Oak | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. | |||||
| CVE-2020-10874 | 1 Motorola | 8 Fx9500-41324d41-us, Fx9500-41324d41-us Firmware, Fx9500-41324d41-ww and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola FX9500 devices allow remote attackers to read database files. | |||||
| CVE-2019-20637 | 1 Varnish-cache | 1 Varnish Cache | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | |||||
| CVE-2020-11527 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | |||||
| CVE-2020-5839 | 1 Symantec | 1 Endpoint Detection And Response | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | |||||
| CVE-2020-11589 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. | |||||
