Total: 124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25402 | 1 Samsung | 1 Notes | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows an attacker to access S Pen latency information. | |||||
CVE-2020-28911 | 1 Nagios | 1 Fusion | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | |||||
CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows an attacker to access user information via log. | |||||
CVE-2021-28815 | 1 Qnap | 4 Myqnapcloud Link, Qts, Quts Hero and 1 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. | |||||
CVE-2021-20396 | 1 Ibm | 1 Security Qradar Analyst Workflow | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. | |||||
CVE-2021-20575 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. | |||||
CVE-2021-22914 | 1 Citrix | 1 Cloud Connector | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. | |||||
CVE-2020-4765 | 1 Ibm | 1 Cloud Pak For Multicloud Management | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. | |||||
CVE-2020-27663 | 1 Glpi-project | 1 Glpi | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). | |||||
CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||
CVE-2020-13937 | 1 Apache | 1 Kylin | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | |||||
CVE-2020-4726 | 1 Ibm | 1 Cloud Application Performance Management | 2023-12-10 | 2.1 LOW | 3.3 LOW |
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | |||||
CVE-2020-15775 | 1 Gradle | 1 Enterprise | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. | |||||
CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | |||||
CVE-2019-19562 | 1 Harman | 1 Hermes | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | |||||
CVE-2020-9202 | 1 Huawei | 1 Te Mobile | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10, V600R006C10SPC100. Due to the improper storage of some information in certain specific scenarios, the attacker can gain information in the victim's device to launch the attack. Successful exploit could cause information disclosure. | |||||
CVE-2019-8790 | 1 Apple | 1 Swift | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
This issue was addressed by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | |||||
CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | |||||
CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. |