Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0716 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0717. | |||||
| CVE-2020-0775 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2020-6310 | 1 Sap | 2 Abap Platform, Netweaver As Abap | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | |||||
| CVE-2020-0946 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0947. | |||||
| CVE-2020-5743 | 1 Tecnick | 1 Tcexam | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | |||||
| CVE-2020-0755 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756. | |||||
| CVE-2020-27032 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In getRadioAccessFamily of PhoneInterfaceManager.java, there is a possible read of privileged data due to a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857259 | |||||
| CVE-2020-14168 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. | |||||
| CVE-2019-8742 | 1 Apple | 1 Iphone Os | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen. | |||||
| CVE-2020-11840 | 1 Microfocus | 1 Arcsight Management Center | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | |||||
| CVE-2020-11949 | 1 Vivotek | 388 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 385 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. | |||||
| CVE-2019-8599 | 1 Apple | 1 Iphone Os | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes. | |||||
| CVE-2020-0195 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961 | |||||
| CVE-2020-3679 | 1 Qualcomm | 34 Bitra, Bitra Firmware, Kamorta and 31 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-0228 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723 | |||||
| CVE-2020-10187 | 1 Doorkeeper Project | 1 Doorkeeper | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. | |||||
| CVE-2020-20299 | 1 Weiphp | 1 Weiphp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | |||||
| CVE-2020-1942 | 1 Apache | 1 Nifi | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext. | |||||
| CVE-2019-4686 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. | |||||
| CVE-2020-15507 | 1 Mobileiron | 5 Cloud, Core, Enterprise Connector and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. | |||||
| CVE-2020-5587 | 1 Cybozu | 1 Garoon | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. | |||||
| CVE-2020-14636 | 1 Oracle | 1 Weblogic Server | 2021-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-36237 | 1 Atlassian | 2 Data Center, Jira | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. | |||||
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | |||||
| CVE-2020-0765 | 1 Microsoft | 1 Remote Desktop Connection Manager | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'. | |||||
| CVE-2020-4449 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | |||||
| CVE-2020-14458 | 1 Mattermost | 1 Mattermost Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004. | |||||
| CVE-2019-14615 | 2 Canonical, Intel | 709 Ubuntu Linux, Atom E3805, Atom E3805 Firmware and 706 more | 2021-07-21 | 1.9 LOW | 5.5 MEDIUM |
| Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0498 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In decode_packed_entry_number of codebook.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160633884 | |||||
| CVE-2020-1315 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2021-07-21 | 2.6 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'. | |||||
| CVE-2019-13383 | 1 Centos-webpanel | 1 Centos Web Panel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | |||||
| CVE-2020-0698 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. | |||||
| CVE-2020-14544 | 1 Oracle | 1 Transportation Management | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-20744 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2021-07-21 | 2.7 LOW | 4.5 MEDIUM |
| NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. | |||||
| CVE-2020-4494 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. | |||||
| CVE-2020-6280 | 1 Sap | 2 Abap Platform, Netweaver As Abap | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
| SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2020-0882 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880. | |||||
| CVE-2020-0813 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'. | |||||
| CVE-2020-0939 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947. | |||||
| CVE-2020-4816 | 1 Ibm | 1 Cloud Pak For Security | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703. | |||||
| CVE-2020-4832 | 1 Ibm | 2 Aix, Powerha | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969. | |||||
| CVE-2020-27023 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156009462 | |||||
| CVE-2020-7650 | 1 Synk | 1 Broker | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json. | |||||
| CVE-2020-1940 | 1 Apache | 1 Jackrabbit Oak | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. | |||||
| CVE-2020-2838 | 1 Oracle | 1 Customer Relationship Management Gateway For Mobile Devices | 2021-07-21 | 5.0 MEDIUM | 8.6 HIGH |
| Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. While the vulnerability is in Oracle CRM Gateway for Mobile Devices, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2020-10874 | 1 Motorola | 8 Fx9500-41324d41-us, Fx9500-41324d41-us Firmware, Fx9500-41324d41-ww and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola FX9500 devices allow remote attackers to read database files. | |||||
| CVE-2020-14542 | 1 Oracle | 1 Solaris | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-11592 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. | |||||
| CVE-2019-4692 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. | |||||
| CVE-2019-20598 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019). | |||||