Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8316 | 1 Lenovo | 1 Vantage | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
|
|||||
| CVE-2020-8284 | 9 Apple, Debian, Fedoraproject and 6 more | 29 Mac Os X, Macos, Debian Linux and 26 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
|
|||||
| CVE-2020-8232 | 1 Ui | 12 Edgeswitch Firmware, Ep-16-xg, Ep-s16 and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read-only users to obtain unauthorized information through SNMP community pages.
|
|||||
| CVE-2020-8216 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed authenticated end-users to find meeting details, if they know the Meeting ID.
|
|||||
| CVE-2020-8210 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.
|
|||||
| CVE-2020-8169 | 4 Debian, Haxx, Siemens and 1 more | 6 Debian Linux, Curl, Simatic Tim 1531 Irc and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
|
|||||
| CVE-2020-8151 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Active Resource | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
|
|||||
| CVE-2020-7944 | 1 Puppet | 1 Continuous Delivery | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
|
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.
|
|||||
| CVE-2020-7932 | 1 Openmicroscopy | 1 Omero.web | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
|
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.
|
|||||
| CVE-2020-7819 | 2 Microsoft, Ntracker | 2 Windows, Ntracker Usb Enterprise | 2024-11-21 | 5.0 MEDIUM | 9.3 CRITICAL |
|
A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information.
|
|||||
| CVE-2020-7801 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7800, and CVE-2020-7802.
|
|||||
| CVE-2020-7696 | 1 React-native-fast-image Project | 1 React-native-fast-image | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers; this can lead to signing credentials or other session tokens being leaked to other servers.
|
|||||
| CVE-2020-7568 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
|
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non-sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
|
|||||
| CVE-2020-7510 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to obtain private keys.
|
|||||
| CVE-2020-7506 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.
|
|||||
| CVE-2020-7387 | 1 Sage | 3 Adxadmin, X3, X3 Hr & Payroll | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syrac ...
|
|||||
| CVE-2020-7284 | 1 Mcafee | 1 Network Security Management | 2024-11-21 | 7.2 HIGH | 8.6 HIGH |
|
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
|
|||||
| CVE-2020-7270 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
|
|||||
| CVE-2020-7269 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
|
|||||
| CVE-2020-7262 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
|
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
|
|||||
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
|
|||||
| CVE-2020-7130 | 1 Hp | 1 Oneview Global Dashboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.
|
|||||
| CVE-2020-7030 | 1 Avaya | 1 Ip Office | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3.
|
|||||
| CVE-2020-6993 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
|
|||||
| CVE-2020-6954 | 1 Cayintech | 2 Smp-pro4, Smp-pro4 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.
|
|||||
| CVE-2020-6865 | 1 Zte | 1 Oscp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.
|
|||||
| CVE-2020-6830 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.
|
|||||
| CVE-2020-6812 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
|
|||||
| CVE-2020-6653 | 1 Eaton | 1 Secureconnect | 2024-11-21 | 2.1 LOW | 3.8 LOW |
|
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in the logcat file when a user creates or registers an account on the mobile app. A malicious app or unauthorized user can harvest the information and later use it to monitor and control the user's account and associated devices.
|
|||||
| CVE-2020-6570 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
|
|||||
| CVE-2020-6514 | 6 Apple, Canonical, Debian and 3 more | 11 Ipados, Iphone Os, Safari and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
|
|||||
| CVE-2020-6489 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
|
|||||
| CVE-2020-6190 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.
|
|||||
| CVE-2020-6178 | 1 Sap | 1 Enable Now | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
|
|||||
| CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
|
|||||
| CVE-2020-5975 | 3 Apple, Microsoft, Nvidia | 3 Macos, Windows, Geforce Now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.
|
|||||
| CVE-2020-5890 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.
|
|||||
| CVE-2020-5866 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
|
|||||
| CVE-2020-5676 | 1 Weseek | 1 Growi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
GROWI v4.1.3 and earlier allow remote attackers to obtain information which they are not allowed to access via unspecified vectors.
|
|||||
| CVE-2020-5573 | 1 Cybozu | 1 Kintone | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
|
|||||