Total: 3359 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2019-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | |||||
| CVE-2013-4518 | 1 Redhat | 2 Enterprise Linux, Update Infrastructure | 2019-11-06 | 2.1 LOW | 5.5 MEDIUM |
| RHUI (Red Hat Update Infrastructure) 2.1.3 has world-readable PKI entitlement certificates. | |||||
| CVE-2018-19854 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-11-06 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). | |||||
| CVE-2019-17671 | 1 Wordpress | 1 Wordpress | 2019-11-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | |||||
| CVE-2013-4110 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cryptocat has an unspecified chat participant user list disclosure vulnerability. | |||||
| CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | |||||
| CVE-2019-16908 | 1 Infosysta | 1 In-app & Desktop Notifications | 2019-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | |||||
| CVE-2019-17321 | 1 Clipsoft | 1 Rexpert | 2019-11-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. When a web page associated with a session is requested, the username can leak via the session file path in the HTTP response data. No authentication is required. | |||||
| CVE-2019-18611 | 1 Mediawiki | 1 Checkuser | 2019-10-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. | |||||
| CVE-2019-18612 | 1 Mediawiki | 1 Abusefilter | 2019-10-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. | |||||
| CVE-2019-4397 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2019-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239 | |||||
| CVE-2013-4856 | 1 D-link | 2 Dir-865l, Dir-865l Firmware | 2019-10-29 | 2.9 LOW | 6.5 MEDIUM |
| D-Link DIR-865L has an information disclosure vulnerability. | |||||
| CVE-2017-16355 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2019-10-28 | 1.2 LOW | 4.7 MEDIUM |
| In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | |||||
| CVE-2019-12708 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device. | |||||
| CVE-2017-14955 | 1 Tribe29 | 1 Checkmk | 2019-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | |||||
| CVE-2015-1828 | 1 Http.rb Project | 1 Http.rb | 2019-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2019-10-17 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry-picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2019-2183 | 1 Google | 1 Android | 2019-10-16 | 2.1 LOW | 5.5 MEDIUM |
| In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-136261465. | |||||
| CVE-2019-1334 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | |||||
| CVE-2019-1337 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'. | |||||
| CVE-2019-1356 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2019-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge based on EdgeHTML improperly handles objects in memory, aka 'Microsoft Edge based on EdgeHTML Information Disclosure Vulnerability'. | |||||
| CVE-2019-1363 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-10-11 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2019-9753 | 1 Otrs | 1 Otrs | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from system entities that have been set to invalid. The affected entity types are: Custom Pages, FAQ Articles, Service Catalogue Items, and ITSM Configuration Items. | |||||
| CVE-2019-4437 | 1 Ibm | 1 Api Connect | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and the network via API Swagger definitions. IBM X-Force ID: 162947. | |||||
| CVE-2019-4173 | 1 Ibm | 1 Cognos Controller | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878. | |||||
| CVE-2019-5437 | 1 Harpjs | 1 Harp | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure through the directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0, and no fix was applied to our knowledge. | |||||
| CVE-2019-3610 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A data leakage vulnerability in the Microsoft Windows client of McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. | |||||
| CVE-2019-3928 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the SNMP OID iso.3.6.1.4.1.3212.100.3.2.7.4. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. | |||||
| CVE-2019-3635 | 1 Mcafee | 1 Web Gateway | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exfiltration of data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data by crafting a complex web page that triggers the Web Gateway to block the user from accessing an iframe. | |||||
| CVE-2019-1762 | 1 Cisco | 2 Ios, Ios Xe | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. | |||||
| CVE-2019-1645 | 1 Cisco | 1 Connected Mobile Experiences | 2019-10-09 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input validation for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks. | |||||
| CVE-2019-13421 | 1 Search-guard | 1 Search Guard | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Search Guard versions before 23.1 allowed an administrative user to retrieve the bcrypt password hashes of other users configured in the internal user database. | |||||
| CVE-2019-13417 | 1 Search-guard | 1 Search Guard | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Search Guard versions before 24.0 had an issue where the field caps and mapping APIs leak field names (but not values) for fields the user is not allowed to see when field level security (FLS) is activated. | |||||
| CVE-2019-10405 | 1 Jenkins | 1 Jenkins | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | |||||
| CVE-2019-1003021 | 1 Jenkins | 1 Openid Connect Authentication | 2019-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | |||||
| CVE-2019-1003018 | 1 Jenkins | 1 Github Oauth | 2019-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | |||||
| CVE-2019-10365 | 1 Google | 1 Kubernetes Engine | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | |||||
| CVE-2019-10407 | 1 Jenkins | 1 Project Inheritance | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | |||||
| CVE-2019-10243 | 1 Eclipse | 1 Kura | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies. This can be used as a hint by an attacker to craft attacks specifically against the web server run by Kura. | |||||
| CVE-2018-9946 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5471. | |||||
| CVE-2018-9948 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380. | |||||
| CVE-2018-7496 | 1 Osisoft | 1 Pi Vision | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. | |||||
| CVE-2018-7360 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by an information exposure vulnerability, which may allow an unauthenticated attacker to obtain the GPON SN information via the appviahttp service. | |||||
| CVE-2018-7676 | 1 Netiq | 1 Identity Manager | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| In NetIQ Identity Manager versions prior to 4.7, the userapp component with log/trace enabled may leak sensitive information. | |||||
| CVE-2018-6672 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | |||||
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-5477 | 1 Abb | 1 Netcadops | 2019-10-09 | 5.0 MEDIUM | 5.8 MEDIUM |
| An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. | |||||
| CVE-2018-4835 | 1 Siemens | 1 Telecontrol Server Basic | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. | |||||
| CVE-2018-5467 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2019-10-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. | |||||
| CVE-2018-3817 | 1 Elastic | 1 Logstash | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | |||||
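The CVE-2017-16355 entry above (Phusion Passenger reading a symlinked `REVISION` file as root) is an instance of a general mistake: a privileged process opens a file inside a directory controlled by a less privileged user and follows whatever the file points to. The following added example (written for this page, not Passenger's own code) builds that scenario in a temporary directory and contrasts a naive reader with one that refuses symlinks at both the directory and the file, rejects non-regular and hard-linked files, and caps the bytes read. The file names, the secret contents and the hash-like `REVISION` value are all constructed; the code is POSIX-only because it relies on `O_NOFOLLOW`, `O_DIRECTORY` and `dir_fd`.

```python
"""Added example: safe reading of an attacker-writable app-root file (CVE-2017-16355 pattern).
Not Passenger code; paths and contents below are constructed for the demonstration."""
import errno
import os
import stat
import tempfile


def read_revision_unsafe(app_root: str) -> str:
    # Vulnerable pattern: open() follows symlinks, so a REVISION symlink planted by
    # the application owner is read with the privileges of the caller (root in the CVE).
    with open(os.path.join(app_root, "REVISION"), encoding="utf-8") as fh:
        return fh.read()


def read_revision_safe(app_root: str, max_bytes: int = 4096) -> str:
    # Hardened pattern:
    #  1. open the directory itself without following a symlink in its place,
    #  2. open REVISION relative to that directory fd, again refusing a symlink,
    #  3. accept only a regular file with a single link, and bound the read.
    root_fd = os.open(app_root, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fd = os.open("REVISION", os.O_RDONLY | os.O_NOFOLLOW, dir_fd=root_fd)
    finally:
        os.close(root_fd)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("REVISION is not a regular file")
        if st.st_nlink > 1:
            # A hard link would bypass the symlink check where the kernel allows
            # linking to files owned by others (see fs.protected_hardlinks).
            raise ValueError("REVISION is hard-linked to another path")
        return os.read(fd, max_bytes).decode("utf-8", errors="replace")
    finally:
        os.close(fd)


def demo() -> dict:
    """Plant a REVISION symlink pointing outside the app root and compare both readers."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")  # constructed stand-in for a root-only file
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("db_password=correct-horse-battery-staple\n")
        app_root = os.path.join(tmp, "app")
        os.mkdir(app_root)
        link = os.path.join(app_root, "REVISION")
        os.symlink(secret, link)

        leaked = read_revision_unsafe(app_root)          # follows the link: secret disclosed
        try:
            read_revision_safe(app_root)
            blocked = False
        except OSError as exc:                           # ELOOP on Linux, EMLINK on some BSDs
            blocked = exc.errno in (errno.ELOOP, errno.EMLINK)

        os.unlink(link)                                  # now an honest REVISION file
        with open(link, "w", encoding="utf-8") as fh:
            fh.write("3f2a9c1\n")
        honest = read_revision_safe(app_root).strip()
    return {"leaked": "db_password" in leaked, "blocked": blocked, "honest": honest}


if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only governs the final path component, which is why the directory is opened separately and the file is opened relative to its descriptor; an intermediate symlink in `app_root` itself would otherwise still be followed.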
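The CVE-2015-1828 entry above (the Ruby http gem accepting any CA-issued certificate because it never compared the certificate's names with the requested hostname) is worth seeing as code, since chain validation and identity verification are separate steps and a client that does only the first is fully exposed to an active attacker holding any valid certificate. The added example below is not the http gem's code; it models the identity step in Python over a certificate's subjectAltName represented as a plain dict (the `san` structure is an assumption for the example) and applies the conservative RFC 6125 wildcard rules most TLS libraries use today.

```python
"""Added example: TLS hostname verification as a standalone check (CVE-2015-1828 pattern).
Not the http gem's code. `san` is a hypothetical {"dns": [...], "ip": [...]} view of a
certificate's subjectAltName extension; CN fallback is deliberately not modelled."""
import ipaddress


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname: case-insensitive, trailing dot
    ignored, and '*' honoured only as the whole leftmost label of a name that has at
    least two further labels. Partial wildcards ("a*.example.com"), "*.com" and
    wildcards over an IDNA A-label ("xn--...") are rejected."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in "".join(p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels) or h_labels[0].startswith("xn--"):
        return False                       # a wildcard spans exactly one label
    return p_labels[1:] == h_labels[1:]


def hostname_matches(san: dict, hostname: str) -> bool:
    """True if the certificate's SAN covers `hostname`. An IP literal must match an
    iPAddress entry exactly; it never matches a dNSName, even a textually equal one."""
    try:
        ip = ipaddress.ip_address(hostname.strip("[]"))
    except ValueError:
        ip = None
    if ip is not None:
        return any(ipaddress.ip_address(entry) == ip for entry in san.get("ip", []))
    return any(_dns_name_matches(entry, hostname) for entry in san.get("dns", []))


def tls_identity_accepted(peer_san: dict, requested_host: str, verify_hostname: bool) -> bool:
    """Model of the http gem < 0.7.3 failure mode. Chain validation is assumed to have
    already passed, which any certificate issued by a trusted CA does; the only question
    is whether the name on that certificate is compared with the host we asked for."""
    if not verify_hostname:
        return True                        # pre-0.7.3 behaviour: any valid cert is accepted
    return hostname_matches(peer_san, requested_host)


if __name__ == "__main__":
    # Constructed man-in-the-middle scenario: a CA-issued cert for the attacker's own name
    # is presented while the client believes it is talking to api.example.com.
    mitm_cert = {"dns": ["mitm.attacker.test"]}
    print("no hostname check:", tls_identity_accepted(mitm_cert, "api.example.com", False))
    print("with hostname check:", tls_identity_accepted(mitm_cert, "api.example.com", True))
```

In real clients the names come from the certificate's SAN extension after the chain has validated; the point of keeping the matcher separate is that it can be unit-tested against the wildcard edge cases above without a network or a CA.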
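The CVE-2019-10405 entry above (Jenkins printing the request's `Cookie` header on `/whoAmI/`) shows how a diagnostic page turns an XSS bug into session theft even though the session cookie is `HttpOnly`: script cannot read `document.cookie`, but it can `fetch("/whoAmI/")` with credentials and read the cookie out of the response body. The added example below is not Jenkins code. It models the vulnerable and the allowlisted response in Python, and adds the check a pentester runs against any header-echoing endpoint: does any cookie value from the request reappear in the response? The request headers and cookie values are constructed.

```python
"""Added example: header-echo endpoint leaking HttpOnly cookies (CVE-2019-10405 pattern).
Not Jenkins code; the request below is constructed. The allowlist is an assumption."""
from http.cookies import SimpleCookie

# Headers that carry no credential and are safe to echo for debugging purposes.
ECHO_ALLOWLIST = ("Host", "User-Agent", "Accept-Language", "X-Forwarded-For")


def whoami_vulnerable(request_headers: dict) -> str:
    # Pre-fix behaviour described for Jenkins <= 2.196: every request header, Cookie and
    # Authorization included, is written into the page body.
    return "\n".join(f"{name}: {value}" for name, value in request_headers.items())


def whoami_fixed(request_headers: dict) -> str:
    # Allowlist rather than denylist: an unexpected credential-bearing header (a proxy's
    # X-Auth-Token, a Proxy-Authorization) is dropped by default instead of by luck.
    lookup = {name.lower(): value for name, value in request_headers.items()}
    return "\n".join(f"{name}: {lookup[name.lower()]}"
                     for name in ECHO_ALLOWLIST if name.lower() in lookup)


def reflected_cookies(cookie_header: str, body: str) -> list:
    """Pentest check: names of request cookies whose values appear verbatim in `body`.
    Any hit means HttpOnly is moot for that cookie wherever script can read the body."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return sorted(name for name, morsel in jar.items() if morsel.value and morsel.value in body)


# Constructed request, as an XSS payload's fetch("/whoAmI/", {credentials: "include"})
# would send it: the browser attaches the HttpOnly session cookie automatically.
REQUEST = {
    "Host": "jenkins.example.test",
    "User-Agent": "Mozilla/5.0",
    "Cookie": "JSESSIONID=node0deadbeefcafe.node0; screenResolution=1920x1080",
    "Authorization": "Basic YWRtaW46aHVudGVyMg==",
}


def demo() -> dict:
    vulnerable = whoami_vulnerable(REQUEST)
    fixed = whoami_fixed(REQUEST)
    return {
        "leaked_by_vulnerable": reflected_cookies(REQUEST["Cookie"], vulnerable),
        "leaked_by_fixed": reflected_cookies(REQUEST["Cookie"], fixed),
        "authz_in_fixed": "Authorization" in fixed,
    }


if __name__ == "__main__":
    print(demo())
```

The same check applies to error pages, request-dump endpoints and "debug" middleware: anything that echoes headers or full request bodies should be tested with a cookie of a known random value and grepped for it.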
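Two entries above, CVE-2019-4397 (IBM Cloud Orchestrator storing sensitive information in URL parameters) and CVE-2018-5467 (Belden Hirschmann switches exposing information through GET query strings), describe the same class of defect, and the CVE text for the first names the three places the data ends up: server logs, the Referer header and browser history. The practical detection is therefore a pass over access logs. The added example below (not code from either vendor) scans constructed Combined Log Format lines for query parameters whose names look credential-like or whose values look like tokens, in both the request line and the Referer field, which is where a leaked URL shows up on a third party's server. The keyword list, the token heuristic and the sample log lines are all assumptions made for the example.

```python
"""Added example: detecting credentials and session identifiers in URL query strings
across web server access logs (CVE-2019-4397 / CVE-2018-5467 class). Not vendor code;
the log lines below are constructed."""
import re
from urllib.parse import parse_qsl, urlsplit

# Combined Log Format; the Referer/User-Agent pair is optional so plain CLF also parses.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Parameter-name keywords (matched after lowercasing and stripping '_' and '-') and a
# value heuristic for opaque tokens; both are assumptions tuned for low noise.
NAME_KEYWORDS = ("password", "passwd", "pwd", "secret", "token", "apikey",
                 "sessionid", "jsessionid", "phpsessid", "accesskey", "credential")
EXACT_NAMES = {"sid", "auth", "key"}
TOKEN_VALUE = re.compile(r"^[A-Za-z0-9_\-]{20,}$")


def find_secret_params(url: str) -> list:
    """Names of query parameters in `url` that carry a credential-like name or token-like value."""
    normalised_hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        key = name.lower().replace("_", "").replace("-", "")
        if key in EXACT_NAMES or any(k in key for k in NAME_KEYWORDS) or TOKEN_VALUE.match(value):
            normalised_hits.append(name)
    return normalised_hits


def scan_access_log(lines) -> list:
    """One finding per (line, source) where source is the request target or the Referer."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue                                   # unparseable line: skip, do not guess
        referer = m["referer"] if m["referer"] not in (None, "-") else ""
        for source, url in (("request", m["target"]), ("referer", referer)):
            params = find_secret_params(url)
            if params:
                findings.append({"line": lineno, "source": source, "ip": m["ip"], "params": params})
    return findings


# Constructed sample: a login over GET, a session id in the URL, and the same session id
# leaking to an unrelated static asset's log entry via the Referer header.
SAMPLE_LOG = [
    '203.0.113.10 - - [30/Oct/2019:10:15:01 +0000] "GET /ico/login?user=alice&password=Winter2019 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [30/Oct/2019:10:15:02 +0000] "GET /ico/dashboard?sessionId=0123456789abcdef0123456789abcdef HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Oct/2019:10:16:40 +0000] "GET /static/logo.png HTTP/1.1" 200 812 "https://ico.example.test/ico/dashboard?sessionId=0123456789abcdef0123456789abcdef" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Oct/2019:10:17:00 +0000] "GET /search?q=printer&page=2 HTTP/1.1" 200 2048 "-" "curl/7.64"',
]


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Findings in the `referer` source are the ones worth escalating: they prove the URL has already left the origin, so the session or credential it carries should be treated as exposed and rotated, not merely the endpoint fixed.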
