Total: 7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1252 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | |||||
| CVE-2019-1245 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. | |||||
| CVE-2019-1286 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. | |||||
| CVE-2019-1244 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | |||||
| CVE-2019-1209 | 1 Microsoft | 1 Lync | 2019-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. | |||||
| CVE-2019-1216 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-09-12 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | |||||
| CVE-2018-6806 | 1 Marked 2 Project | 1 Marked 2 | 2019-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls. | |||||
| CVE-2019-0352 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which allows an attacker to see the sensitive information via the cache and to open the dynamic pages even after logout. | |||||
| CVE-2018-21011 | 1 Wpcharitable | 1 Charitable | 2019-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. | |||||
| CVE-2019-11545 | 1 Gitlab | 1 Gitlab | 2019-09-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. | |||||
| CVE-2019-11605 | 1 Gitlab | 1 Gitlab | 2019-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. | |||||
| CVE-2019-16177 | 1 Limesurvey | 1 Limesurvey | 2019-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | |||||
| CVE-2019-10667 | 1 Librenms | 1 Librenms | 2019-09-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. | |||||
| CVE-2019-9866 | 1 Gitlab | 1 Gitlab | 2019-09-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. | |||||
| CVE-2019-9444 | 1 Google | 1 Android | 2019-09-09 | 2.1 LOW | 4.4 MEDIUM |
| In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2103 | 1 Google | 1 Android | 2019-09-06 | 2.1 LOW | 5.5 MEDIUM |
| In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-14280 | 1 Craftcms | 1 Craft Cms | 2019-09-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public. | |||||
| CVE-2019-11658 | 1 Microfocus | 1 Content Manager | 2019-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability, when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. | |||||
| CVE-2018-5738 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. | |||||
| CVE-2019-15045 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-08-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality. | |||||
| CVE-2014-10388 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. | |||||
| CVE-2018-14669 | 1 Yandex | 1 Clickhouse | 2019-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server. | |||||
| CVE-2016-3145 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2019-08-28 | 2.1 LOW | 4.6 MEDIUM |
| Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | |||||
| CVE-2019-0338 | 1 Sap | 1 Gateway | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure. | |||||
| CVE-2017-18550 | 1 Linux | 1 Linux Kernel | 2019-08-23 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. | |||||
| CVE-2017-18549 | 1 Linux | 1 Linux Kernel | 2019-08-23 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure. | |||||
| CVE-2019-1225 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1224. | |||||
| CVE-2019-1224 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225. | |||||
| CVE-2018-15979 | 2 Adobe, Microsoft | 3 Acrobat Dc, Acrobat Reader Dc, Windows | 2019-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4993 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-3115 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | |||||
| CVE-2017-3118 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments. | |||||
| CVE-2019-1172 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2019-08-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session, aka 'Windows Information Disclosure Vulnerability'. | |||||
| CVE-2019-14800 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2019-08-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. | |||||
| CVE-2019-1171 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-08-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka 'SymCrypt Information Disclosure Vulnerability'. | |||||
| CVE-2019-1202 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-08-20 | 3.6 LOW | 4.4 MEDIUM |
| An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | |||||
| CVE-2019-1227 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1228. | |||||
| CVE-2019-1228 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1227. | |||||
| CVE-2018-15661 | 1 Olacabs | 1 Ola Money | 2019-08-19 | 2.6 LOW | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix. | |||||
| CVE-2019-1143 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1154, CVE-2019-1158. | |||||
| CVE-2019-1154 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1158. | |||||
| CVE-2019-1078 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1148, CVE-2019-1153. | |||||
| CVE-2019-1030 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'. | |||||
| CVE-2019-1158 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-08-19 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1154. | |||||
| CVE-2018-10545 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | |||||
| CVE-2018-20958 | 1 Tapplock | 2 Tapplock, Tapplock Firmware | 2019-08-15 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. | |||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2019-08-13 | 2.1 LOW | 6.5 MEDIUM |
| Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. | |||||
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | |||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | |||||
| CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | |||||
