Search
Total
1326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6877 | 1 Zte | 2 Zxa10 Eodn, Zxa10 Eodn Firmware | 2021-07-21 | 4.0 MEDIUM | 8.8 HIGH |
| A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | |||||
| CVE-2019-9944 | 1 Openmicroscopy | 1 Omero.server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. | |||||
| CVE-2020-29656 | 1 Asus | 2 Rt-ac88u, Rt-ac88u Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be easy" manner via an unspecified "public exploit." | |||||
| CVE-2020-2838 | 1 Oracle | 1 Customer Relationship Management Gateway For Mobile Devices | 2021-07-21 | 5.0 MEDIUM | 8.6 HIGH |
| Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. While the vulnerability is in Oracle CRM Gateway for Mobile Devices, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2020-5839 | 1 Symantec | 1 Endpoint Detection And Response | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | |||||
| CVE-2019-14399 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.1 MEDIUM | 7.1 HIGH |
| The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | |||||
| CVE-2019-17645 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. | |||||
| CVE-2020-13700 | 1 Acf To Rest Api Project | 1 Acf To Rest Api | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. | |||||
| CVE-2020-6809 | 1 Mozilla | 1 Firefox | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | |||||
| CVE-2020-12477 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | |||||
| CVE-2020-11450 | 1 Microstrategy | 1 Microstrategy Web | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher. | |||||
| CVE-2019-20694 | 1 Netgear | 8 Gs728tp, Gs728tp Firmware, Gs728tpp and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects GS728TP before 6.0.0.48, GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48. | |||||
| CVE-2019-20649 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. | |||||
| CVE-2020-26600 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). | |||||
| CVE-2020-3921 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | |||||
| CVE-2019-20619 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019). | |||||
| CVE-2020-6237 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
| CVE-2019-15065 | 1 Hinet | 2 Gpon, Gpon Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). | |||||
| CVE-2020-6164 | 1 Silverstripe | 1 Silverstripe | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page). | |||||
| CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | |||||
| CVE-2020-8004 | 1 St | 2 Stm32f1, Stm32f1 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| STMicroelectronics STM32F1 devices have Incorrect Access Control. | |||||
| CVE-2020-35802 | 1 Netgear | 28 Cbr40, Cbr40 Firmware, Rax75 and 25 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4. | |||||
| CVE-2020-15478 | 1 Journal-theme | 1 Journal | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. | |||||
| CVE-2020-4452 | 1 Ibm | 1 Api Connect | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | |||||
| CVE-2020-9591 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | |||||
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-6252 | 1 Sap | 1 Adaptive Server Enterprise Cockpit | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. | |||||
| CVE-2020-24312 | 1 Webdesi9 | 1 File Manager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. | |||||
| CVE-2020-0142 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146435761 | |||||
| CVE-2019-4689 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826. | |||||
| CVE-2020-7654 | 1 Synk | 1 Broker | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | |||||
| CVE-2019-20614 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). | |||||
| CVE-2020-14255 | 1 Hcltech | 1 Digital Experience | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | |||||
| CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 7.6 HIGH |
| The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-12877 | 1 Veritas | 1 Aptare | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | |||||
| CVE-2020-6869 | 1 Zte | 1 Ztemarket Apk | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. | |||||
| CVE-2019-7673 | 1 Mobotix | 2 S14, S14 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. | |||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | |||||
| CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | |||||
| CVE-2020-14969 | 1 Misp | 1 Misp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | |||||
| CVE-2020-12851 | 1 Pydio | 1 Cells | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | |||||
| CVE-2020-0876 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-15729 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. | |||||
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | |||||
| CVE-2020-14274 | 1 Hcltechsw | 1 Hcl Commerce | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | |||||
| CVE-2019-15330 | 1 Webp Express Project | 1 Webp Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. | |||||
| CVE-2020-11587 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server. | |||||
| CVE-2020-12127 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | |||||
| CVE-2020-14451 | 2 Apple, Mattermost | 2 Iphone Os, Mattermost Mobile | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | |||||