Total: 324 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-28911 | 1 Nagios | 1 Fusion | 2024-11-21 | 6.5 Medium |
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | ||||
CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2024-11-21 | 4.3 Medium |
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | ||||
CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | ||||
CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-11-21 | 5.5 Medium |
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | ||||
CVE-2020-15775 | 1 Gradle | 1 Enterprise | 2024-11-21 | 7.5 High |
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. | ||||
CVE-2020-13937 | 1 Apache | 1 Kylin | 2024-11-21 | 5.3 Medium |
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API that exposes Kylin's configuration information without any authentication. This is dangerous because some confidential information entries will be disclosed to everyone. | ||||
CVE-2019-9253 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109769728 | ||||
CVE-2019-8790 | 1 Apple | 1 Swift | 2024-11-21 | 5.5 Medium |
This issue was addressed by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | ||||
CVE-2019-5633 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | 5.5 Medium |
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions. | ||||
CVE-2019-5632 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | 5.5 Medium |
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | ||||
CVE-2019-5627 | 1 Bluecats | 1 Bc Reveal | 2024-11-21 | 7.8 High |
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app. | ||||
CVE-2019-5626 | 1 Bluecats | 1 Bluecats Reveal | 2024-11-21 | 7.8 High |
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | ||||
CVE-2019-5625 | 1 Eaton | 1 Halo Home | 2024-11-21 | 7.1 High |
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | ||||
CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 3.3 Low |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | ||||
CVE-2019-4549 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 5.3 Medium |
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. | ||||
CVE-2019-4265 | 1 Ibm | 1 Maximo Anywhere | 2024-11-21 | 2.4 Low |
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | ||||
CVE-2019-3684 | 1 Suse | 1 Manager | 2024-11-21 | 5.9 Medium |
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem. | ||||
CVE-2019-20060 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.5 High |
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information. | ||||
CVE-2019-19561 | 1 Harman | 1 Hermes | 2024-11-21 | 2.4 Low |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | ||||
CVE-2019-19557 | 1 Harman | 1 Hermes | 2024-11-21 | 2.4 Low |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. |