Total
113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | |||||
CVE-2019-19562 | 1 Harman | 1 Hermes | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | |||||
CVE-2020-15775 | 1 Gradle | 1 Enterprise | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. | |||||
CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | |||||
CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | |||||
CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | |||||
CVE-2020-0422 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 3.3 LOW |
In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556 | |||||
CVE-2020-27663 | 1 Glpi-project | 1 Glpi | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). | |||||
CVE-2019-19560 | 1 Harman | 1 Hermes | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | |||||
CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | |||||
CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | |||||
CVE-2020-4726 | 1 Ibm | 1 Cloud Application Performance Management | 2024-02-04 | 2.1 LOW | 3.3 LOW |
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | |||||
CVE-2020-4906 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-02-04 | 2.1 LOW | 3.3 LOW |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | |||||
CVE-2019-19557 | 1 Harman | 1 Hermes | 2024-02-04 | 2.1 LOW | 2.4 LOW |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | |||||
CVE-2019-8799 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-02-04 | 2.1 LOW | 2.4 LOW |
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. | |||||
CVE-2020-9202 | 1 Huawei | 1 Te Mobile | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. | |||||
CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
CVE-2020-11484 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | |||||
CVE-2020-27662 | 1 Glpi-project | 1 Glpi | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). |