Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | |||||
| CVE-2020-6954 | 1 Cayintech | 2 Smp-pro4, Smp-pro4 Firmware | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI. | |||||
| CVE-2020-0488 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516 | |||||
| CVE-2019-15656 | 1 D-link | 4 Dsl-2875al, Dsl-2875al Firmware, Dsl-2877al and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables. | |||||
| CVE-2020-1026 | 1 Microsoft | 1 Research Javascript Cryptography Library | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-29043 | 1 Bigbluebutton | 1 Bigbluebutton | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name. | |||||
| CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2020-15931 | 1 Netwrix | 1 Account Lockout Examiner | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | |||||
| CVE-2020-3643 | 1 Qualcomm | 116 Apq8009, Apq8009 Firmware, Apq8017 and 113 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-28333 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials. | |||||
| CVE-2019-7434 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7429 | 1 Property Rental Software Project | 1 Property Rental Software | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | |||||
| CVE-2019-7431 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2020-6178 | 1 Sap | 1 Enable Now | 2021-07-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure. | |||||
| CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | |||||
| CVE-2019-7436 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-20615 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019). | |||||
| CVE-2020-27403 | 1 Tcl | 14 32s330, 32s330 Firmware, 40s330 and 11 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure. Also, some TV models and/or FW versions may expose the webserver with the entire filesystem accessible on another port. For example, nmap scan for all ports run directly from the TV model U43P6046 (Android 8.0) showed port 7983 not mentioned in the original CVE description, but containing the same directory listing of the entire filesystem. This webserver is bound (at least) to localhost interface and accessible freely to all unprivileged installed apps on the Android such as a regular web browser. Any app can therefore read any files of any other apps including Android system settings including sensitive data such as saved passwords, private keys etc. | |||||
| CVE-2020-10997 | 1 Percona | 1 Xtrabackup | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. | |||||
| CVE-2020-26415 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||