Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20333 | 1 Asus | 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more | 2020-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. | |||||
| CVE-2019-19677 | 1 Arxes-tolina | 1 Arxes-tolina | 2020-03-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| arxes-tolina 3.0.0 allows User Enumeration. | |||||
| CVE-2013-2272 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2020-03-18 | 5.0 MEDIUM | N/A |
| The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees. | |||||
| CVE-2013-4165 | 1 Bitcoin | 1 Bitcoin Core | 2020-03-18 | 4.3 MEDIUM | N/A |
| The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack. | |||||
| CVE-2013-2273 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2020-03-18 | 5.0 MEDIUM | N/A |
| bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction. | |||||
| CVE-2020-10090 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | |||||
| CVE-2012-5570 | 1 Basic Webmail Project | 1 Basic Webmail | 2020-03-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. | |||||
| CVE-2019-9103 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. | |||||
| CVE-2020-0062 | 1 Google | 1 Android | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031 | |||||
| CVE-2020-0031 | 1 Google | 1 Android | 2020-03-11 | 4.7 MEDIUM | 5.0 MEDIUM |
| In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197 | |||||
| CVE-2020-0029 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 2.3 LOW |
| In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828 | |||||
| CVE-2012-1094 | 1 Redhat | 1 Jboss Application Server | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | |||||
| CVE-2016-9159 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2020-03-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | |||||
| CVE-2011-4538 | 1 Lexmark | 66 C540, C540 Firmware, C543 and 63 more | 2020-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. | |||||
| CVE-2011-3269 | 1 Lexmark | 168 25xxn, 25xxn Firmware, 6500e and 165 more | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. | |||||
| CVE-2016-1159 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2020-03-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | |||||
| CVE-2019-12432 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. | |||||
| CVE-2020-9282 | 1 Mahara | 1 Mahara | 2020-03-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios. | |||||
| CVE-2020-3193 | 1 Cisco | 1 Prime Collaboration Provisioning | 2020-03-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include unnecessary server information. An attacker could exploit this vulnerability by inspecting replies received from the web-based management interface. A successful exploit could allow the attacker to obtain details about the operating system, including the web server version that is running on the device, which could be used to perform further attacks. | |||||
| CVE-2020-7130 | 1 Hp | 1 Oneview Global Dashboard | 2020-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later. | |||||