Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1099 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2018-0855 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761. | |||||
| CVE-2013-3185 | 1 Microsoft | 3 Active Directory Federation Services, Windows Server 2008, Windows Server 2012 | 2020-09-28 | 5.0 MEDIUM | N/A |
| Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability." | |||||
| CVE-2019-1100 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2019-1098 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2017-0258 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-09-28 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | |||||
| CVE-2019-1095 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | |||||
| CVE-2018-12923 | 1 Bwssystems | 1 Ha Bridge | 2020-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | |||||
| CVE-2020-15790 | 1 Siemens | 1 Spectrum Power 4 | 2020-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. | |||||
| CVE-2013-6052 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||||
| CVE-2018-0288 | 1 Cisco | 1 Webex Meetings Online | 2020-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142. | |||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2020-09-03 | 5.0 MEDIUM | 8.6 HIGH |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | |||||
| CVE-2017-6318 | 2 Opensuse, Sane-backends Project | 2 Leap, Sane-backends | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | |||||
| CVE-2019-3756 | 1 Rsa | 1 Archer | 2020-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions. | |||||
| CVE-2019-3422 | 1 Zte | 2 Mf910s, Mf910s Firmware | 2020-08-28 | 1.9 LOW | 6.2 MEDIUM |
| The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. | |||||
| CVE-2019-4444 | 1 Ibm | 1 Api Connect | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453. | |||||
| CVE-2019-20638 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. | |||||
| CVE-2019-7388 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. | |||||
| CVE-2019-15859 | 1 Socomec | 2 Diris A-40, Diris A-40 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | |||||
| CVE-2018-20483 | 1 Gnu | 1 Wget | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. | |||||