Search
Total
7597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18432 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 7.8 HIGH |
| In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | |||||
| CVE-2016-10790 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | |||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | |||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | |||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | |||||
| CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | |||||
| CVE-2019-1009 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | |||||
| CVE-2016-10811 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | |||||
| CVE-2016-10810 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | |||||
| CVE-2016-10809 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | |||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 2.7 LOW | 3.5 LOW |
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | |||||
| CVE-2016-10785 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). | |||||
| CVE-2018-20952 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | |||||
| CVE-2018-20941 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.7 MEDIUM | 5.6 MEDIUM |
| cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | |||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | |||||
| CVE-2012-6497 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. | |||||
| CVE-2009-3086 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. | |||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | |||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||
| CVE-2018-20894 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | |||||
| CVE-2019-7852 | 1 Magento | 1 Magento | 2019-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | |||||
| CVE-2018-16658 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-08-06 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | |||||
| CVE-2018-11037 | 1 Exiv2 | 1 Exiv2 | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | |||||
| CVE-2018-14348 | 3 Debian, Fedoraproject, Libcgroup Project | 3 Debian Linux, Fedora, Libcgroup | 2019-08-06 | 5.5 MEDIUM | 8.1 HIGH |
| libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | |||||
| CVE-2017-15112 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2019-08-06 | 2.1 LOW | 7.8 HIGH |
| keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users. | |||||
| CVE-2018-6790 | 1 Kde | 1 Plasma-workspace | 2019-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element. | |||||
| CVE-2017-18424 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | |||||
| CVE-2016-10815 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | |||||
| CVE-2018-13897 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2019-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| Clients hostname gets added to DNS record on device which is running dnsmasq resulting in an information exposure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660 | |||||
| CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2019-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | |||||
| CVE-2017-6275 | 1 Google | 1 Android | 2019-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. | |||||
| CVE-2018-10950 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-08-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump. | |||||
| CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | |||||
| CVE-2018-20913 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 3.5 LOW | 4.9 MEDIUM |
| cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | |||||
| CVE-2015-9288 | 1 Unity | 1 Web Player | 2019-08-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials | |||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 2.1 LOW | 5.5 MEDIUM |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | |||||
| CVE-2008-5346 | 1 Sun | 3 Jdk, Jre, Sdk | 2019-07-31 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. | |||||
| CVE-2018-1000169 | 1 Jenkins | 1 Jenkins | 2019-07-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | |||||
| CVE-2018-20073 | 1 Google | 1 Chrome | 2019-07-30 | 2.1 LOW | 5.5 MEDIUM |
| Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | |||||
| CVE-2017-3884 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | |||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2019-07-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 | |||||
| CVE-2014-10374 | 1 Fitbit | 2 Charge 2, Charge 2 Firmware | 2019-07-24 | 3.3 LOW | 6.5 MEDIUM |
| On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. | |||||
| CVE-2016-3059 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Sql Server, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server | 2019-07-18 | 2.1 LOW | 6.2 MEDIUM |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. | |||||
| CVE-2019-1116 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-07-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101. | |||||
| CVE-2018-14831 | 1 Damicms | 1 Damicms | 2019-07-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | |||||