Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6671 | 1 Edx | 1 Edx-platform | 2020-01-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. | |||||
| CVE-2019-19254 | 1 Gitlab | 1 Gitlab | 2020-01-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. | |||||
| CVE-2019-19256 | 1 Gitlab | 1 Gitlab | 2020-01-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. | |||||
| CVE-2018-1682 | 1 Ibm | 1 Watston Studio Local | 2020-01-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacked could use in further attacks against the system. IBM X-Force ID: 145238. | |||||
| CVE-2019-5073 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2019-12-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2014-8566 | 2 Oracle, Uninett | 2 Linux, Mod Auth Mellon | 2019-12-27 | 6.4 MEDIUM | N/A |
| The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | |||||
| CVE-2019-15580 | 1 Gitlab | 1 Gitlab | 2019-12-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. | |||||
| CVE-2019-8567 | 1 Apple | 1 Iphone Os | 2019-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2019-8620 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2019-12-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | |||||
| CVE-2016-5429 | 1 Jose-php Project | 1 Jose-php | 2019-12-19 | 4.3 MEDIUM | 3.7 LOW |
| jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | |||||
| CVE-2012-1105 | 3 Apereo, Debian, Fedoraproject | 3 Phpcas, Debian Linux, Fedora | 2019-12-17 | 2.1 LOW | 5.5 MEDIUM |
| An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. | |||||
| CVE-2019-15733 | 1 Gitlab | 1 Gitlab | 2019-12-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | |||||
| CVE-2016-5409 | 1 Redhat | 1 Openshift | 2019-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | |||||
| CVE-2015-5320 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. | |||||
| CVE-2015-5321 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages. | |||||
| CVE-2014-0242 | 1 Modwsgi | 1 Mod Wsgi | 2019-12-17 | 4.3 MEDIUM | 7.5 HIGH |
| mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. | |||||
| CVE-2019-0405 | 1 Sap | 1 Enable Now | 2019-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | |||||
| CVE-2019-1463 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-12-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400. | |||||
| CVE-2019-1487 | 1 Microsoft | 1 Authentication Library | 2019-12-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'. | |||||