Vulnerabilities (CVE)

Filtered by CWE-922
Total 207 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13937 1 Apache 1 Kylin 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
CVE-2020-29603 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
CVE-2020-4674 1 Ibm 1 Workload Automation 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.
CVE-2020-4344 1 Ibm 1 Tivoli Business Service Manager 2024-02-04 2.1 LOW 3.3 LOW
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.
CVE-2020-4371 1 Ibm 1 Verify Gateway 2024-02-04 2.1 LOW 3.3 LOW
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
CVE-2020-7000 1 Visam 2 Vbase Editor, Vbase Web-remote 2024-02-04 5.0 MEDIUM 7.5 HIGH
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.
CVE-2020-8481 1 Abb 1 800xa System 2024-02-04 10.0 HIGH 9.8 CRITICAL
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.
CVE-2020-8482 1 Abb 1 Device Library Wizard 2024-02-04 2.1 LOW 5.5 MEDIUM
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
CVE-2020-4172 1 Ibm 1 Security Guardium Insights 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.
CVE-2019-4695 1 Ibm 1 Guardium Data Encryption 2024-02-04 2.1 LOW 3.3 LOW
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.
CVE-2020-5262 1 Easybuild Project 1 Easybuild 2024-02-04 2.1 LOW 5.5 MEDIUM
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.
CVE-2020-4197 1 Ibm 1 Tivoli Netcool\/omnibus 2024-02-04 2.1 LOW 2.4 LOW
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.
CVE-2018-13313 1 Totolink 2 A3002ru, A3002ru Firmware 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.
CVE-2019-9253 1 Google 1 Android 2024-02-04 4.9 MEDIUM 4.4 MEDIUM
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728
CVE-2019-13717 2 Google, Opensuse 2 Chrome, Backports Sle 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
CVE-2019-13719 2 Google, Opensuse 2 Chrome, Backports Sle 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
CVE-2019-12825 1 Gitlab 1 Gitlab 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.
CVE-2019-20060 1 Mfscripts 1 Yetishare 2024-02-04 5.0 MEDIUM 7.5 HIGH
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.
CVE-2019-4265 1 Ibm 1 Maximo Anywhere 2024-02-04 2.1 LOW 2.4 LOW
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.
CVE-2019-4549 1 Ibm 1 Security Directory Server 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.