Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10096 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache. | |||||
| CVE-2012-6459 | 2 Intel, Linux | 2 Connman, Tizen | 2020-03-05 | 4.3 MEDIUM | N/A |
| ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. | |||||
| CVE-2020-10104 | 1 Zammad | 1 Zammad | 2020-03-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL. | |||||
| CVE-2018-8877 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2020-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | |||||
| CVE-2018-8878 | 2 Asus, Asuswrt-merlin | 2 Asus Firmware, Asuswrt-merlin | 2020-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | |||||
| CVE-2014-4019 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2020-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. | |||||
| CVE-2015-9543 | 1 Openstack | 1 Nova | 2020-02-27 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | |||||
| CVE-2013-3551 | 1 Otrs | 2 Otrs, Otrs Itsm | 2020-02-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | |||||
| CVE-2013-4088 | 1 Otrs | 1 Otrs | 2020-02-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | |||||
| CVE-2020-5244 | 1 Buddypress | 1 Buddypress | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. | |||||
| CVE-2014-4658 | 1 Redhat | 1 Ansible | 2020-02-25 | 2.1 LOW | 5.5 MEDIUM |
| The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | |||||
| CVE-2011-4915 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2020-02-25 | 2.1 LOW | 5.5 MEDIUM |
| fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | |||||
| CVE-2011-3901 | 1 Google | 1 Android | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | |||||
| CVE-2013-6681 | 1 Mapway | 1 Tube Map | 2020-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability | |||||
| CVE-2012-0844 | 2 Debian, Netsurf-browser | 2 Debian Linux, Netsurf | 2020-02-24 | 2.1 LOW | 5.5 MEDIUM |
| Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | |||||
| CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | |||||
| CVE-2012-6091 | 1 Magentocommerce | 1 Magento | 2020-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. | |||||
| CVE-2013-5687 | 1 Aicorporation | 1 Risknet Acquirer | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. | |||||
| CVE-2011-2343 | 1 Google | 1 Android | 2020-02-19 | 2.1 LOW | 2.4 LOW |
| The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | |||||
| CVE-2020-6190 | 1 Sap | 1 Netweaver Application Server Java | 2020-02-19 | 5.0 MEDIUM | 5.8 MEDIUM |
| Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. | |||||