Total
124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8799 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-12-10 | 2.1 LOW | 2.4 LOW |
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. | |||||
CVE-2019-19561 | 1 Harman | 1 Hermes | 2023-12-10 | 2.1 LOW | 2.4 LOW |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
CVE-2020-27662 | 1 Glpi-project | 1 Glpi | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). | |||||
CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | |||||
CVE-2019-19560 | 1 Harman | 1 Hermes | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | |||||
CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | |||||
CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | |||||
CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | |||||
CVE-2020-4906 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | |||||
CVE-2020-11484 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | |||||
CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | |||||
CVE-2019-19557 | 1 Harman | 1 Hermes | 2023-12-10 | 2.1 LOW | 2.4 LOW |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
CVE-2021-27170 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | |||||
CVE-2020-0422 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-161718556 | |||||
CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||
CVE-2020-4172 | 1 Ibm | 1 Security Guardium Insights | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408. | |||||
CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | |||||
CVE-2020-5262 | 1 Easybuild Project | 1 Easybuild | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master` + `develop` branches of the `easybuild-framework` repository. | |||||
CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. |