Search
Total
3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14800 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2019-08-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. | |||||
| CVE-2019-1171 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-08-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka 'SymCrypt Information Disclosure Vulnerability'. | |||||
| CVE-2019-1202 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-08-20 | 3.6 LOW | 4.4 MEDIUM |
| An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | |||||
| CVE-2019-1227 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1228. | |||||
| CVE-2019-1228 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1227. | |||||
| CVE-2019-1143 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1154, CVE-2019-1158. | |||||
| CVE-2019-1154 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1158. | |||||
| CVE-2019-1078 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1148, CVE-2019-1153. | |||||
| CVE-2019-1030 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'. | |||||
| CVE-2019-1158 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1154. | |||||
| CVE-2018-10545 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | |||||
| CVE-2018-20958 | 1 Tapplock | 2 Tapplock, Tapplock Firmware | 2019-08-15 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. | |||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2019-08-13 | 2.1 LOW | 6.5 MEDIUM |
| Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. | |||||
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | |||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | |||||
| CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | |||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | |||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | |||||
| CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | |||||
| CVE-2019-1009 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | |||||
| CVE-2016-10785 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). | |||||
| CVE-2018-20952 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | |||||
| CVE-2018-20941 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.7 MEDIUM | 5.6 MEDIUM |
| cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | |||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | |||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||
| CVE-2019-7852 | 1 Magento | 1 Magento | 2019-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | |||||
| CVE-2018-6790 | 1 Kde | 1 Plasma-workspace | 2019-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element. | |||||
| CVE-2018-16658 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-08-06 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | |||||
| CVE-2018-11037 | 1 Exiv2 | 1 Exiv2 | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | |||||
| CVE-2016-10815 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | |||||
| CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2019-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | |||||
| CVE-2018-10950 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-08-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump. | |||||
| CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | |||||
| CVE-2018-20913 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 3.5 LOW | 4.9 MEDIUM |
| cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | |||||
| CVE-2015-9288 | 1 Unity | 1 Web Player | 2019-08-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials | |||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 2.1 LOW | 5.5 MEDIUM |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | |||||
| CVE-2018-1000169 | 1 Jenkins | 1 Jenkins | 2019-07-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | |||||
| CVE-2018-20073 | 1 Google | 1 Chrome | 2019-07-30 | 2.1 LOW | 5.5 MEDIUM |
| Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | |||||
| CVE-2017-3884 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | |||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2019-07-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 | |||||
| CVE-2014-10374 | 1 Fitbit | 2 Charge 2, Charge 2 Firmware | 2019-07-24 | 3.3 LOW | 6.5 MEDIUM |
| On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. | |||||
| CVE-2016-3059 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Sql Server, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server | 2019-07-18 | 2.1 LOW | 6.2 MEDIUM |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. | |||||
| CVE-2019-1116 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-07-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101. | |||||
| CVE-2018-14831 | 1 Damicms | 1 Damicms | 2019-07-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | |||||
| CVE-2019-1091 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-07-17 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | |||||
| CVE-2019-1108 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. | |||||
| CVE-2019-1112 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-07-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-1096 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-17 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-1097 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | |||||
| CVE-2019-1093 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | |||||