Total
201 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | |||||
CVE-2020-4906 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | |||||
CVE-2020-4726 | 1 Ibm | 1 Cloud Application Performance Management | 2024-02-28 | 2.1 LOW | 3.3 LOW |
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | |||||
CVE-2020-4871 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. | |||||
CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | |||||
CVE-2020-15775 | 1 Gradle | 1 Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. | |||||
CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||
CVE-2019-19561 | 1 Harman | 1 Hermes | 2024-02-28 | 2.1 LOW | 2.4 LOW |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
CVE-2021-27170 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | |||||
CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | |||||
CVE-2020-9202 | 1 Huawei | 1 Te Mobile | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. | |||||
CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
CVE-2020-5262 | 1 Easybuild Project | 1 Easybuild | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository. | |||||
CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | |||||
CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | |||||
CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||
CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | |||||
CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | |||||
CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | |||||
CVE-2019-13717 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. |