Total
207 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13937 | 1 Apache | 1 Kylin | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | |||||
CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | |||||
CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||
CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | |||||
CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||
CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | |||||
CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | |||||
CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | |||||
CVE-2020-4172 | 1 Ibm | 1 Security Guardium Insights | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. | |||||
CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
CVE-2020-5262 | 1 Easybuild Project | 1 Easybuild | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository. | |||||
CVE-2020-4197 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-02-04 | 2.1 LOW | 2.4 LOW |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908. | |||||
CVE-2018-13313 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. | |||||
CVE-2019-9253 | 1 Google | 1 Android | 2024-02-04 | 4.9 MEDIUM | 4.4 MEDIUM |
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 | |||||
CVE-2019-13717 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | |||||
CVE-2019-13719 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | |||||
CVE-2019-12825 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. | |||||
CVE-2019-20060 | 1 Mfscripts | 1 Yetishare | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information. | |||||
CVE-2019-4265 | 1 Ibm | 1 Maximo Anywhere | 2024-02-04 | 2.1 LOW | 2.4 LOW |
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | |||||
CVE-2019-4549 | 1 Ibm | 1 Security Directory Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. |