Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1426 | 2 Puppet, Puppetlabs | 2 Facter, Facter | 2019-07-11 | 2.1 LOW | N/A |
| Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. | |||||
| CVE-2016-10073 | 1 Vanillaforums | 1 Vanilla | 2019-07-11 | 5.0 MEDIUM | 7.5 HIGH |
| The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. | |||||
| CVE-2013-4959 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 2.1 LOW | N/A |
| Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. | |||||
| CVE-2013-4961 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2014-3249 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 5.0 MEDIUM | N/A |
| Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. | |||||
| CVE-2014-9355 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 4.0 MEDIUM | N/A |
| Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint. | |||||
| CVE-2012-3864 | 2 Puppet, Puppetlabs | 3 Puppet, Puppet Enterprise, Puppet | 2019-07-10 | 4.0 MEDIUM | N/A |
| Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. | |||||
| CVE-2015-7328 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 1.9 LOW | 4.7 MEDIUM |
| Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2019-07-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2019-13075 | 1 Torproject | 1 Tor Browser | 2019-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. | |||||
| CVE-2019-13055 | 1 Logitech | 4 K360, K360 Firmware, Unifying Receiver and 1 more | 2019-07-08 | 3.3 LOW | 6.5 MEDIUM |
| Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. | |||||
| CVE-2018-14865 | 1 Odoo | 1 Odoo | 2019-07-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files. | |||||
| CVE-2018-20811 | 1 Pulsesecure | 1 Pulse Connect Secure | 2019-07-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | |||||
| CVE-2015-4033 | 1 Samsung | 1 S-beam | 2019-07-03 | 3.3 LOW | N/A |
| Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. | |||||
| CVE-2014-9699 | 1 Makerbot | 2 Replicator 5th Generation, Replicator 5th Generation Firmware | 2019-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server. | |||||
| CVE-2017-9795 | 1 Apache | 1 Geode | 2019-07-02 | 6.0 MEDIUM | 7.5 HIGH |
| When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution. | |||||
| CVE-2018-6159 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6150 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6168 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6177 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||