Total
8278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6177 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-7929 | 1 Magento | 1 Magento | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request. | |||||
| CVE-2017-5210 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. | |||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
| CVE-2019-1209 | 1 Microsoft | 1 Lync | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. | |||||
| CVE-2019-1012 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | |||||
| CVE-2019-14932 | 1 Humanica | 1 Humatrix 7 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data. | |||||
| CVE-2018-6159 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | |||||
| CVE-2019-9157 | 1 Gemalto | 1 Ezio Ds3 Server | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
| Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure. | |||||
| CVE-2018-1885 | 1 Ibm | 4 Business Automation Workflow, Business Process Manager, Business Process Manager Enterprise Service Bus and 1 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. | |||||
| CVE-2019-1097 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | |||||
| CVE-2018-14529 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. | |||||
| CVE-2019-15031 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
| In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. | |||||
| CVE-2019-1252 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | |||||
| CVE-2018-12301 | 1 Seagate | 1 Nas Os | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost. | |||||
| CVE-2018-6150 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-13291 | 1 Synology | 1 Diskstation Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration. | |||||
| CVE-2019-12755 | 1 Symantec | 1 Norton Password Manager | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. | |||||
| CVE-2019-1023 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0990. | |||||