Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10871 | 1 Openwrt | 1 Luci | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
|
|||||
| CVE-2020-10782 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
|
|||||
| CVE-2020-10750 | 1 Linuxfoundation | 1 Jaeger | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
|
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
|
|||||
| CVE-2020-10698 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
|
|||||
| CVE-2020-10618 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users.
|
|||||
| CVE-2020-10291 | 1 Kuka | 1 Visual Components Network License Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listensfor packets over UDP port 5093. No authentication/authorization is required in order to communicate with theserver. The protocol being used is a property protocol ...
Show More |
|||||
| CVE-2020-10274 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
|
|||||
| CVE-2020-10264 | 1 Universal-robots | 7 Ur10, Ur10e, Ur3 and 4 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible
|
|||||
| CVE-2020-10104 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
|
|||||
| CVE-2020-10096 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache.
|
|||||
| CVE-2020-10090 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
|
|||||
| CVE-2020-0488 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516
|
|||||
| CVE-2020-0092 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
|
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488
|
|||||
| CVE-2020-0062 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031
|
|||||
| CVE-2020-0031 | 1 Google | 1 Android | 2024-11-21 | 4.7 MEDIUM | 5.0 MEDIUM |
|
In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197
|
|||||
| CVE-2020-0029 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828
|
|||||
| CVE-2019-9866 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.
|
|||||
| CVE-2019-9753 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.
|
|||||
| CVE-2019-9541 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9444 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2019-9424 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092
|
|||||
| CVE-2019-9225 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
|
|||||
| CVE-2019-9179 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).
|
|||||
| CVE-2019-9175 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
|
|||||
| CVE-2019-9126 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device.
|
|||||
| CVE-2019-9103 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization.
|
|||||
| CVE-2019-8730 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
|
|||||
| CVE-2019-8620 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.
|
|||||
| CVE-2019-8567 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.
|
|||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6
|
|||||
| CVE-2019-7852 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.
|
|||||
| CVE-2019-7628 | 1 Redhat | 1 Pagure | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)
|
|||||
| CVE-2019-7619 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.
|
|||||
| CVE-2019-7535 | 1 Gurock | 1 Testrail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
|
|||||
| CVE-2019-7436 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.
|
|||||
| CVE-2019-7434 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.
|
|||||
| CVE-2019-7431 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.
|
|||||
| CVE-2019-7429 | 1 Property Rental Software Project | 1 Property Rental Software | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.
|
|||||
| CVE-2019-7388 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
|
|||||
| CVE-2019-7353 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.
|
|||||