Total
323 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13937 | 1 Apache | 1 Kylin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | |||||
| CVE-2020-11484 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | |||||
| CVE-2020-0422 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556 | |||||
| CVE-2019-9253 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 | |||||
| CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | |||||
| CVE-2019-8799 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. | |||||
| CVE-2019-8790 | 1 Apple | 1 Swift | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | |||||
| CVE-2019-5633 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions. | |||||
| CVE-2019-5632 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | |||||
| CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
| CVE-2019-4549 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. | |||||
| CVE-2019-4265 | 1 Ibm | 1 Maximo Anywhere | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | |||||
| CVE-2019-3684 | 1 Suse | 1 Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem | |||||
| CVE-2019-20060 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information. | |||||
| CVE-2019-19562 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | |||||
| CVE-2019-19561 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2019-19560 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | |||||
| CVE-2019-19557 | 1 Harman | 1 Hermes | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2019-14957 | 1 Jetbrains | 1 Vim | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. | |||||
| CVE-2019-13719 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | |||||