Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2020-08-28 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
| CVE-2019-12914 | 1 Rdbrck | 1 Shift | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | |||||
| CVE-2019-12911 | 1 Rdbrck | 1 Shift | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 2.1 LOW | 3.3 LOW |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||
| CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2020-06-01 | 2.1 LOW | 5.5 MEDIUM |
| Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | |||||
| CVE-2019-4265 | 1 Ibm | 1 Maximo Anywhere | 2020-04-30 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | |||||
| CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | |||||
| CVE-2020-5262 | 1 Easybuild Project | 1 Easybuild | 2020-03-23 | 2.1 LOW | 5.5 MEDIUM |
| In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository. | |||||
| CVE-2018-13313 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2020-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. | |||||
| CVE-2020-4197 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2020-03-03 | 2.1 LOW | 2.4 LOW |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908. | |||||
| CVE-2019-12825 | 1 Gitlab | 1 Gitlab | 2020-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. | |||||
| CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2017-5249 | 1 Wink | 1 Wink | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
| CVE-2019-14957 | 1 Jetbrains | 1 Vim | 2019-10-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. | |||||
| CVE-2017-0493 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550. | |||||
| CVE-2017-7253 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. | |||||
| CVE-2017-6911 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2019-10-03 | 2.1 LOW | 6.6 MEDIUM |
| USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack. | |||||
| CVE-2019-9253 | 1 Google | 1 Android | 2019-10-02 | 4.9 MEDIUM | 4.4 MEDIUM |
| In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 | |||||