Total
222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 2.1 LOW | 3.3 LOW |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||
CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | |||||
CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | |||||
CVE-2020-4197 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-11-21 | 2.1 LOW | 2.4 LOW |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908. | |||||
CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | |||||
CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | |||||
CVE-2020-28911 | 1 Nagios | 1 Fusion | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | |||||
CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | |||||
CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | |||||
CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | |||||
CVE-2020-15775 | 1 Gradle | 1 Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. | |||||
CVE-2020-13937 | 1 Apache | 1 Kylin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | |||||
CVE-2019-9253 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 | |||||
CVE-2019-8790 | 1 Apple | 1 Swift | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | |||||
CVE-2019-5633 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions. | |||||
CVE-2019-5632 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | |||||
CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 2.1 LOW | 3.3 LOW |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
CVE-2019-4549 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. | |||||
CVE-2019-4265 | 1 Ibm | 1 Maximo Anywhere | 2024-11-21 | 2.1 LOW | 2.4 LOW |
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | |||||
CVE-2019-3684 | 1 Suse | 1 Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem |