Total: 7971 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3864 | 2 Puppet, Puppetlabs | 3 Puppet, Puppet Enterprise, Puppet | 2019-07-10 | 4.0 MEDIUM | N/A |
| Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. | |||||
| CVE-2015-7328 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 1.9 LOW | 4.7 MEDIUM |
| Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2019-07-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2019-13075 | 1 Torproject | 1 Tor Browser | 2019-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. | |||||
| CVE-2019-13055 | 1 Logitech | 4 K360, K360 Firmware, Unifying Receiver and 1 more | 2019-07-08 | 3.3 LOW | 6.5 MEDIUM |
| Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. | |||||
| CVE-2018-14865 | 1 Odoo | 1 Odoo | 2019-07-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files. | |||||
| CVE-2015-4033 | 1 Samsung | 1 S-beam | 2019-07-03 | 3.3 LOW | N/A |
| Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. | |||||
| CVE-2014-9699 | 1 Makerbot | 2 Replicator 5th Generation, Replicator 5th Generation Firmware | 2019-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server. | |||||
| CVE-2016-7404 | 1 Openstack | 1 Magnum | 2019-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access and can be used to perform any API operation the user is authorized to perform. | |||||
| CVE-2016-3954 | 1 Web2py | 1 Web2py | 2019-06-21 | 2.1 LOW | 5.5 MEDIUM |
| web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | |||||
| CVE-2018-15665 | 1 Cloudera | 1 Data Science Workbench | 2019-06-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. | |||||
| CVE-2017-8337 | 1 Securifi | 6 Almond, Almond+, Almond+firmware and 3 more | 2019-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check, which allows an attacker who can trick a user into navigating to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions, which include management of rules and sensors attached to the devices, using the websocket requests. | |||||
| CVE-2019-11233 | 1 Eic | 1 Biyan | 2019-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field. | |||||
| CVE-2018-2008 | 1 Ibm | 1 Tririga Application Platform | 2019-06-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146. | |||||
| CVE-2017-10719 | 1 Ishekar | 2 Endoscope Camera, Endoscope Camera Firmware | 2019-06-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. | |||||
| CVE-2017-8533 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2019-06-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. | |||||
| CVE-2015-5041 | 3 Ibm, Redhat, Suse | 6 Java Sdk, Websphere Application Server, Satellite and 3 more | 2019-06-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. | |||||
| CVE-2015-5006 | 3 Ibm, Redhat, Suse | 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more | 2019-06-19 | 2.1 LOW | N/A |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. | |||||
| CVE-2019-11407 | 1 Fusionpbx | 1 Fusionpbx | 2019-06-18 | 4.0 MEDIUM | 7.2 HIGH |
| app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information. | |||||
| CVE-2018-11942 | 1 Qualcomm | 66 Ipq4019, Ipq4019 Firmware, Ipq8064 and 63 more | 2019-06-18 | 2.1 LOW | 5.5 MEDIUM |
| Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 | |||||
