Total
133 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-3684 | 1 Suse | 1 Manager | 2020-12-03 | 5.9 Medium |
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem | ||||
CVE-2019-19557 | 1 Harman | 1 Hermes | 2020-11-30 | 2.4 Low |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | ||||
CVE-2019-19561 | 1 Harman | 1 Hermes | 2020-11-30 | 2.4 Low |
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | ||||
CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2020-11-17 | 3.3 Low |
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | ||||
CVE-2019-8790 | 1 Apple | 1 Swift | 2020-11-03 | 5.5 Medium |
This issue was addressed by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | ||||
CVE-2020-13937 | 1 Apache | 1 Kylin | 2020-10-29 | 5.3 Medium |
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | ||||
CVE-2019-5627 | 1 Bluecats | 1 Bc Reveal | 2020-10-16 | 7.8 High |
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app. | ||||
CVE-2019-5626 | 1 Bluecats | 1 Bluecats Reveal | 2020-10-16 | 7.8 High |
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | ||||
CVE-2019-5625 | 1 Eaton | 1 Halo Home | 2020-10-16 | 7.1 High |
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | ||||
CVE-2019-5633 | 1 Belwith-keeler | 1 Hickory Smart | 2020-10-16 | 5.5 Medium |
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions. | ||||
CVE-2019-5632 | 1 Belwith-keeler | 1 Hickory Smart | 2020-10-16 | 5.5 Medium |
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | ||||
CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2020-10-01 | 4.3 Medium |
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | ||||
CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 High |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | ||||
CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2020-09-16 | 3.3 Low |
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | ||||
CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2020-08-28 | 3.3 Low |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | ||||
CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2020-08-24 | N/A |
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | ||||
CVE-2019-12911 | 1 Rdbrck | 1 Shift | 2020-08-24 | N/A |
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | ||||
CVE-2019-12914 | 1 Rdbrck | 1 Shift | 2020-08-24 | N/A |
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | ||||
CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 3.3 Low |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008. | ||||
CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2020-06-01 | 5.5 Medium |
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low-privilege user to read a file that contains confidential data. |