Search
Total
1326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14969 | 1 Misp | 1 Misp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | |||||
| CVE-2020-6877 | 1 Zte | 2 Zxa10 Eodn, Zxa10 Eodn Firmware | 2021-07-21 | 4.0 MEDIUM | 8.8 HIGH |
| A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | |||||
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | |||||
| CVE-2020-10874 | 1 Motorola | 8 Fx9500-41324d41-us, Fx9500-41324d41-us Firmware, Fx9500-41324d41-ww and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola FX9500 devices allow remote attackers to read database files. | |||||
| CVE-2019-17643 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. | |||||
| CVE-2020-6264 | 1 Sap | 1 Commerce | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2019-19866 | 1 Atos | 1 Unify Openscape Uc Web Client | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. | |||||
| CVE-2019-20696 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before V5.6.8.3 and WAC510 before V5.6.8.3. | |||||
| CVE-2020-14157 | 1 Abus | 2 Secvest Wireless Control Fube50001, Secvest Wireless Control Fube50001 Firmware | 2021-07-21 | 4.8 MEDIUM | 8.1 HIGH |
| The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. | |||||
| CVE-2020-26150 | 1 Logaritmo | 1 Aware Callmanager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2019-19693 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2019-20855 | 1 Mattermost | 1 Mattermost Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. | |||||
| CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
| CVE-2019-7815 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010.20091 and earlier, 2017.011.30120 and earlier version, and 2015.006.30475 and earlier have a data leakage (sensitive) vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-7951 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | |||||
| CVE-2020-15834 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface. | |||||
| CVE-2020-14458 | 1 Mattermost | 1 Mattermost Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004. | |||||
| CVE-2020-14178 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | |||||
| CVE-2020-0876 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2020-6295 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | |||||
| CVE-2019-13338 | 1 Weseek | 1 Growi | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field. | |||||
| CVE-2019-20614 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). | |||||
| CVE-2020-19360 | 1 Fhem | 1 Fhem | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure. | |||||
| CVE-2020-28054 | 1 Tsmmanager | 1 Tsmmanager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request. | |||||
| CVE-2019-8998 | 1 Blackberry | 1 Qnx Software Development Platform | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. | |||||
| CVE-2020-27180 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | |||||
| CVE-2020-1940 | 1 Apache | 1 Jackrabbit Oak | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. | |||||
| CVE-2019-3651 | 1 Mcafee | 1 Advanced Threat Defense | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | |||||
| CVE-2020-7905 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | |||||
| CVE-2020-6809 | 1 Mozilla | 1 Firefox | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | |||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | |||||
| CVE-2020-27610 | 1 Bigbluebutton | 1 Bigbluebutton | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | |||||
| CVE-2020-7220 | 1 Hashicorp | 1 Vault | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. | |||||
| CVE-2019-15629 | 1 Trendmicro | 1 Password Manager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | |||||
| CVE-2020-4449 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | |||||
| CVE-2020-17508 | 1 Apache | 1 Traffic Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | |||||
| CVE-2020-11450 | 1 Microstrategy | 1 Microstrategy Web | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher. | |||||
| CVE-2020-3932 | 1 Draytek | 2 Vigorap 910c, Vigorap 910c Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. | |||||
| CVE-2020-0861 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | |||||
| CVE-2019-7941 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2020-3945 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information | |||||
| CVE-2020-1206 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'. | |||||
| CVE-2020-9228 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | |||||
| CVE-2017-9735 | 1 Eclipse | 1 Jetty | 2021-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | |||||
| CVE-2021-20422 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. | |||||
| CVE-2021-32717 | 1 Shopware | 1 Shopware | 2021-07-02 | 5.0 MEDIUM | 7.5 HIGH |
| Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the Storage is saved on Amazon AWS we recommending disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin (https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659) and run the command `./bin/console s3:set-visibility` to correct your cloud file visibilities. | |||||
| CVE-2021-32711 | 1 Shopware | 1 Shopware | 2021-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. Please check your plugins if you have it in use. Detailed technical information can be found in the upgrade information. https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351 ### Workarounds For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 ### For more information https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021 | |||||
| CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | |||||
| CVE-2021-29086 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8559 | 1 Chef | 1 Chef | 2021-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | |||||