Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4452 | 1 Ibm | 1 Api Connect | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | |||||
| CVE-2020-11660 | 1 Broadcom | 1 Ca Api Developer Portal | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. | |||||
| CVE-2020-14274 | 1 Hcltechsw | 1 Hcl Commerce | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | |||||
| CVE-2019-13237 | 1 Alkacon | 1 Opencms Apollo Template | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. | |||||
| CVE-2020-11576 | 1 Cncf | 1 Argo Continuous Delivery | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise. | |||||
| CVE-2020-12404 | 1 Mozilla | 1 Firefox | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26. | |||||
| CVE-2020-11952 | 1 Rittal | 9 Cmc Iii Pu 7030.000, Cmc Iii Pu 7030.000 Firmware, Cmciii-pu-9333e0fb and 6 more | 2021-07-21 | 4.9 MEDIUM | 6.2 MEDIUM |
| An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu. | |||||
| CVE-2020-14976 | 1 Gns3 | 2 Gns3, Ubridge | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context. | |||||
| CVE-2019-19257 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2020-0574 | 1 Intel | 2 Max 10 Fpga, Max 10 Fpga Firmware | 2021-07-21 | 3.6 LOW | 5.9 MEDIUM |
| Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access. | |||||
| CVE-2019-2117 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124107808. | |||||
| CVE-2020-0141 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793 | |||||
| CVE-2020-1386 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'. | |||||
| CVE-2020-15818 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | |||||
| CVE-2020-9260 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2020-10237 | 1 Froxlor | 1 Froxlor | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. | |||||
| CVE-2020-6832 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. | |||||
| CVE-2020-14548 | 1 Oracle | 1 Business Intelligence | 2021-07-21 | 2.1 LOW | 3.4 LOW |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). | |||||
| CVE-2020-12286 | 1 Octopus | 1 Octopus Deploy | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant. | |||||
| CVE-2020-11828 | 1 Oppo | 1 Coloros | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR. | |||||
| CVE-2020-6250 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 6.7 MEDIUM | 6.8 MEDIUM |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. | |||||
| CVE-2019-13377 | 3 Canonical, Fedoraproject, W1.fi | 3 Ubuntu Linux, Fedora, Hostapd | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. | |||||
| CVE-2020-28577 | 1 Trendmicro | 2 Apex One, Officescan | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | |||||
| CVE-2020-29446 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. | |||||
| CVE-2020-14542 | 1 Oracle | 1 Solaris | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-18886 | 1 Sensiolabs | 1 Symfony | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security. | |||||
| CVE-2019-20547 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019). | |||||
| CVE-2020-4532 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716. | |||||
| CVE-2019-3483 | 1 Hp | 1 Arcsight Logger | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2020-13346 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | |||||
| CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | |||||
| CVE-2019-12903 | 1 Pydio | 1 Cells | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | |||||
| CVE-2020-11959 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. | |||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | |||||
| CVE-2020-14544 | 1 Oracle | 1 Transportation Management | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-26899 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2019-2118 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-130161842. | |||||
| CVE-2020-4612 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | |||||
| CVE-2019-12921 | 1 Graphicsmagick | 1 Graphicsmagick | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | |||||
| CVE-2020-1391 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information Disclosure Vulnerability'. | |||||
| CVE-2020-1206 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'. | |||||
| CVE-2020-0608 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-18282 | 1 Linux | 1 Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. | |||||
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | |||||
| CVE-2020-0755 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756. | |||||
| CVE-2019-17646 | 1 Centreon | 1 Centreon | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. | |||||
| CVE-2020-1290 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2020-23490 | 1 Wwbn | 1 Avideo | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file. | |||||
| CVE-2020-6371 | 1 Sap | 1 Netweaver As Abap | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | |||||
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | |||||