Total: 7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0105 | 1 Cisco | 1 Unified Communications Manager | 2020-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269. | |||||
| CVE-2018-15964 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-15962 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2020-09-03 | 5.0 MEDIUM | 8.6 HIGH |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | |||||
| CVE-2017-6318 | 2 Opensuse, Sane-backends Project | 2 Leap, Sane-backends | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | |||||
| CVE-2018-15407 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2020-08-31 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
| CVE-2019-3756 | 1 Rsa | 1 Archer | 2020-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions. | |||||
| CVE-2018-0474 | 1 Cisco | 1 Unified Communications Manager | 2020-08-28 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. | |||||
| CVE-2019-3422 | 1 Zte | 2 Mf910s, Mf910s Firmware | 2020-08-28 | 1.9 LOW | 6.2 MEDIUM |
| The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. | |||||
| CVE-2012-3976 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2020-08-26 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. | |||||
| CVE-2018-18941 | 1 Vignette | 1 Content Management | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. | |||||
| CVE-2019-4444 | 1 Ibm | 1 Api Connect | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453. | |||||
| CVE-2019-15085 | 1 Prise | 1 Adas | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | |||||
| CVE-2019-20646 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | |||||
| CVE-2018-4217 | 1 Apple | 1 Mac Os X | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. | |||||
| CVE-2019-9225 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5). | |||||
| CVE-2019-14666 | 1 Glpi-project | 1 Glpi | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes. | |||||
| CVE-2019-1470 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 4.0 MEDIUM | 6.0 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2019-19983 | 1 Fastvelocity | 1 Minify | 2020-08-24 | 3.5 LOW | 4.3 MEDIUM |
| In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action. | |||||
| CVE-2018-20371 | 1 Photorange Photo Vault Project | 1 Photorange Photo Vault | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on. | |||||
