Total: 8278 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9753 | 1 Otrs | 1 Otrs | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items. | |||||
CVE-2019-12497 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes. | |||||
CVE-2015-2254 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch. | |||||
CVE-2019-15740 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | |||||
CVE-2019-15129 | 1 Humanica | 1 Humatrix 7 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI. | |||||
CVE-2019-16180 | 1 Limesurvey | 1 Limesurvey | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | |||||
CVE-2019-14339 | 1 Canon | 1 Print | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. | |||||
CVE-2019-1762 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. | |||||
CVE-2018-2009 | 1 Ibm | 1 Api Connect | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148. | |||||
CVE-2018-2022 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346. | |||||
CVE-2017-12884 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. | |||||
CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | |||||
CVE-2019-9105 | 1 Saet | 3 Tebe Small, Tebe Small Firmware, Webapp | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. | |||||
CVE-2019-1093 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | |||||
CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | |||||
CVE-2019-9700 | 1 Norton | 1 Password Manager | 2024-02-04 | 1.7 LOW | 3.9 LOW |
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. | |||||
CVE-2018-4352 | 1 Apple | 1 Iphone Os | 2024-02-04 | 2.1 LOW | 3.3 LOW |
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12. | |||||
CVE-2019-10243 | 1 Eclipse | 1 Kura | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura. | |||||
CVE-2019-16176 | 1 Limesurvey | 1 Limesurvey | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | |||||
CVE-2019-1112 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. |