Total
8279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3756 | 1 Rsa | 1 Archer | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions. | |||||
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | |||||
| CVE-2019-12492 | 1 Gallagher | 1 Command Centre | 2024-02-04 | 5.8 MEDIUM | 6.5 MEDIUM |
| Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services. | |||||
| CVE-2018-10946 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-02-04 | 2.7 LOW | 6.8 MEDIUM |
| An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI. | |||||
| CVE-2018-6168 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2017-15652 | 1 Artifex | 1 Ghostscript | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well. | |||||
| CVE-2017-18550 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. | |||||
| CVE-2018-13808 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2019-9680 | 1 Dahuasecurity | 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019. | |||||
| CVE-2018-13288 | 1 Synology | 1 File Station | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | |||||
| CVE-2018-18762 | 1 Saltos | 1 Saltos | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| SaltOS 3.1 r8126 contains a database download vulnerability. | |||||
| CVE-2019-7404 | 1 Lg | 6 Gamp-7100, Gamp-7100 Firmware, Gapm-7200 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log. | |||||
| CVE-2019-10246 | 4 Eclipse, Microsoft, Netapp and 1 more | 26 Jetty, Windows, Element and 23 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. | |||||
| CVE-2018-2008 | 1 Ibm | 1 Tririga Application Platform | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146. | |||||
| CVE-2019-3868 | 1 Redhat | 1 Keycloak | 2024-02-04 | 5.5 MEDIUM | 3.8 LOW |
| Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session. | |||||
| CVE-2018-17956 | 1 Opensuse | 1 Yast2-samba-provision | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list | |||||
| CVE-2016-1600 | 1 Microfocus | 1 Identity Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. | |||||
| CVE-2018-19643 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.7 LOW | 3.5 LOW |
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | |||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | |||||