Total: 8279 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12127 | 2 Fedoraproject, Intel | 3 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware | 2024-02-04 | 4.7 MEDIUM | 5.6 MEDIUM |
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | |||||
CVE-2019-9179 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). | |||||
CVE-2016-10810 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | |||||
CVE-2018-7122 | 1 Hp | 1 Intelligent Management Center | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2019-4193 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032. | |||||
CVE-2019-1009 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | |||||
CVE-2016-10811 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | |||||
CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | |||||
CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
CVE-2019-7353 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. | |||||
CVE-2019-5016 | 2 Kcodes, Netgear | 5 Netusb.ko, R7900, R7900 Firmware and 2 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability. | |||||
CVE-2019-14939 | 1 Mysql Project | 1 Mysql | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. | |||||
CVE-2018-4403 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | |||||
CVE-2019-7941 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
CVE-2018-14865 | 1 Odoo | 1 Odoo | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files. | |||||
CVE-2015-9288 | 1 Unity | 1 Web Player | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials. | |||||
CVE-2018-18977 | 1 Ascensia | 1 Contour Diabetes | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation. | |||||
CVE-2018-21011 | 1 Wpcharitable | 1 Charitable | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. | |||||
CVE-2019-3781 | 1 Cloudfoundry | 1 Command Line Interface | 2024-02-04 | 3.5 LOW | 8.8 HIGH |
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password. |