Search
Total
3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25838 | 1 Microfocus | 1 Filr | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | |||||
| CVE-2020-4783 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. | |||||
| CVE-2019-2117 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124107808. | |||||
| CVE-2020-9530 | 1 Mi | 1 Miui Firmware | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54. | |||||
| CVE-2020-4413 | 1 Ibm | 1 Security Secret Server | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 179988. | |||||
| CVE-2020-0882 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880. | |||||
| CVE-2020-9351 | 1 Smartclient | 1 Smartclient | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). | |||||
| CVE-2019-20652 | 1 Netgear | 2 Wac505, Wac505 Firmware | 2021-07-21 | 2.1 LOW | 6.5 MEDIUM |
| NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information. | |||||
| CVE-2020-0706 | 1 Microsoft | 8 Edge, Internet Explorer, Windows 10 and 5 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. | |||||
| CVE-2020-1141 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179. | |||||
| CVE-2020-0946 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0947. | |||||
| CVE-2019-3459 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | |||||
| CVE-2020-29451 | 1 Atlassian | 2 Data Center, Jira | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. | |||||
| CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | |||||
| CVE-2020-9811 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. | |||||
| CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | |||||
| CVE-2019-20609 | 1 Google | 1 Android | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). | |||||
| CVE-2019-3460 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | |||||
| CVE-2020-0716 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0717. | |||||
| CVE-2020-4612 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | |||||
| CVE-2019-2119 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131622568. | |||||
| CVE-2020-1145 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1179. | |||||
| CVE-2020-15594 | 1 Zohocorp | 1 Application Control Plus | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. | |||||
| CVE-2019-2190 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.3 MEDIUM |
| In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-68771598 | |||||
| CVE-2020-9070 | 1 Huawei | 2 Taurus-al00b, Taurus-al00b Firmware | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure. | |||||
| CVE-2020-3874 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content. | |||||
| CVE-2020-0017 | 1 Google | 1 Android | 2021-07-21 | 3.3 LOW | 4.4 MEDIUM |
| In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892 | |||||
| CVE-2020-28573 | 1 Trendmicro | 2 Apex One, Officescan | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | |||||
| CVE-2020-7227 | 1 Westermo | 2 Mrd-315, Mrd-315 Firmware | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp. | |||||
| CVE-2020-8516 | 1 Torproject | 1 Tor | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability. | |||||
| CVE-2020-0955 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'. | |||||
| CVE-2020-11588 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths. | |||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | |||||
| CVE-2020-26924 | 1 Netgear | 4 Wac720, Wac720 Firmware, Wac730 and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. | |||||
| CVE-2019-13383 | 1 Centos-webpanel | 1 Centos Web Panel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | |||||
| CVE-2020-7653 | 1 Synk | 1 Broker | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | |||||
| CVE-2020-6861 | 1 Ledger | 3 Monero, Nano S, Nano X | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC. | |||||
| CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | |||||
| CVE-2019-3483 | 1 Hp | 1 Arcsight Logger | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2020-14544 | 1 Oracle | 1 Transportation Management | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-3420 | 1 Zte | 2 Zxhn H108n, Zxhn H108n Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | |||||
| CVE-2020-1826 | 1 Huawei | 2 Honor Magic2, Honor Magic2 Firmware | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. | |||||
| CVE-2020-1263 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261. | |||||
| CVE-2020-4410 | 1 Ibm | 2 Engineering Test Management, Rational Rhapsody Design Manager | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539. | |||||
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | |||||
| CVE-2020-0550 | 1 Intel | 752 Celeron 1000m, Celeron 1005m, Celeron 1007u and 749 more | 2021-07-21 | 1.9 LOW | 5.6 MEDIUM |
| Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html | |||||
| CVE-2020-0775 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2020-1351 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | |||||
| CVE-2020-1397 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | |||||
| CVE-2019-20148 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. | |||||