Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System In Php | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain sensitive user information. | |||||
CVE-2021-22913 | 1 Nextcloud | 1 Deck | 2021-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user. | |||||
CVE-2021-22905 | 1 Nextcloud | 1 Nextcloud | 2021-06-22 | 4.3 MEDIUM | 6.5 MEDIUM |
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | |||||
CVE-2021-22749 | 1 Schneider-electric | 2 Modicon X80 Bmxnor0200h Rtu, Modicon X80 Bmxnor0200h Rtu Firmware | 2021-06-22 | 5.0 MEDIUM | 5.3 MEDIUM |
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module. | |||||
CVE-2021-22912 | 1 Nextcloud | 1 Nextcloud | 2021-06-22 | 4.3 MEDIUM | 6.5 MEDIUM |
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | |||||
CVE-2021-34679 | 1 Thycotic | 1 Password Reset Server | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | |||||
CVE-2017-11435 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. | |||||
CVE-2015-1857 | 1 Linuxfoundation | 1 Opendaylight | 2021-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | |||||
CVE-2012-5624 | 3 Canonical, Digia, Qt | 3 Ubuntu Linux, Qt, Qt | 2021-06-16 | 4.3 MEDIUM | N/A |
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. | |||||
CVE-2016-3956 | 3 Ibm, Nodejs, Npmjs | 3 Sdk, Node.js, Npm | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | |||||
CVE-2021-33662 | 1 Sap | 1 Business One | 2021-06-15 | 2.1 LOW | 4.4 MEDIUM |
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | |||||
CVE-2018-18566 | 1 Polycom | 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more | 2021-06-15 | 5.0 MEDIUM | 5.3 MEDIUM |
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. | |||||
CVE-2021-20259 | 1 Theforeman | 1 Foremanfogproxmox | 2021-06-15 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected. | |||||
CVE-2019-10246 | 4 Eclipse, Microsoft, Netapp and 1 more | 26 Jetty, Windows, Element and 23 more | 2021-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. | |||||
CVE-2021-31960 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-06-11 | 2.1 LOW | 5.5 MEDIUM |
Windows Bind Filter Driver Information Disclosure Vulnerability | |||||
CVE-2020-14371 | 1 Redhat | 1 Satellite | 2021-06-11 | 4.0 MEDIUM | 6.5 MEDIUM |
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. | |||||
CVE-2020-7506 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2021-06-11 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. | |||||
CVE-2017-8761 | 1 Openstack | 1 Swift | 2021-06-11 | 4.0 MEDIUM | 4.3 MEDIUM |
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. | |||||
CVE-2021-31975 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-06-11 | 7.8 HIGH | 7.5 HIGH |
Server for NFS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-31976. | |||||
CVE-2021-31976 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-06-11 | 7.8 HIGH | 7.5 HIGH |
Server for NFS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-31975. |