Total: 281 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2505 | 1 Qnap | 1 Qes | 2023-12-10 | 2.1 LOW | 2.3 LOW |
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | |||||
CVE-2020-4897 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988. | |||||
CVE-2020-4487 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862. | |||||
CVE-2020-4842 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046. | |||||
CVE-2020-4599 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824. | |||||
CVE-2020-15219 | 1 Combodo | 1 Itop | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0. | |||||
CVE-2020-4600 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832. | |||||
CVE-2020-4846 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. | |||||
CVE-2020-25633 | 2 Quarkus, Redhat | 2 Quarkus, Resteasy | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | |||||
CVE-2020-1717 | 1 Redhat | 4 Jboss Fuse, Keycloak, Openshift Application Runtimes and 1 more | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack. | |||||
CVE-2020-4544 | 1 Ibm | 13 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 10 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189. | |||||
CVE-2020-6438 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | |||||
CVE-2020-8213 | 1 Ui | 1 Unifi Protect | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing. | |||||
CVE-2020-4327 | 1 Ibm | 1 Security Secret Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599. | |||||
CVE-2020-6511 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2020-4166 | 1 Ibm | 1 Security Guardium Insights | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. | |||||
CVE-2020-4341 | 1 Ibm | 1 Security Secret Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181. | |||||
CVE-2019-4729 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519. | |||||
CVE-2019-11252 | 1 Kubernetes | 1 Kubernetes | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM |
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. |