Total
8279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15131 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. | |||||
| CVE-2018-17482 | 1 Jollytech | 1 Lobby Track | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | |||||
| CVE-2019-8931 | 1 Rdbrck | 1 Shift | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2019-14353 | 1 Trezor | 2 One, One Firmware | 2024-02-04 | 1.9 LOW | 4.2 MEDIUM |
| On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices. | |||||
| CVE-2014-10388 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. | |||||
| CVE-2018-4300 | 1 Apple | 1 Cups | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. | |||||
| CVE-2018-11215 | 1 Cloudera | 1 Data Science Workbench | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. | |||||
| CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | |||||
| CVE-2019-11648 | 1 Netiq | 1 Self Service Password Reset | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. | |||||
| CVE-2019-15085 | 1 Prise | 1 Adas | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | |||||
| CVE-2017-1107 | 1 Ibm | 1 Marketing Platform | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906. | |||||
| CVE-2019-1096 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-14278 | 1 Knowage-suite | 1 Knowage | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page. | |||||
| CVE-2019-7277 | 1 Optergy | 2 Enterprise, Proton | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. | |||||
| CVE-2015-3952 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | |||||
| CVE-2018-10815 | 1 Cloudera | 1 Cloudera Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. | |||||
| CVE-2019-15132 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. | |||||
| CVE-2019-1219 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. | |||||
| CVE-2019-13421 | 1 Search-guard | 1 Search Guard | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database. | |||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||