Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6078 | 1 W3-edge | 1 Total Cache | 2019-12-04 | 5.0 MEDIUM | 7.5 HIGH |
W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes. | |||||
CVE-2012-6077 | 1 W3-edge | 1 Total Cache | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files. | |||||
CVE-2019-18461 | 1 Gitlab | 1 Gitlab | 2019-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. | |||||
CVE-2015-6495 | 1 Cloudera | 1 Cloudera Manager | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. | |||||
CVE-2019-5880 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 7.4 HIGH |
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2019-10223 | 3 Kubernetes, Linux, Redhat | 3 Kube-state-metrics, Linux Kernel, Openshift Container Platform | 2019-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. | |||||
CVE-2019-18460 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. | |||||
CVE-2013-3314 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi. | |||||
CVE-2018-1999033 | 1 Anchore | 1 Container Image Scanner | 2019-11-26 | 4.0 MEDIUM | 6.5 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration. | |||||
CVE-2019-18987 | 1 Mediawiki | 1 Abusefilter | 2019-11-22 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition. | |||||
CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries, even those from groups the user does not belong to. | |||||
CVE-2015-3167 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | |||||
CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
uzbl: Information disclosure via world-readable cookies storage file | |||||
CVE-2019-6852 | 1 Schneider-electric | 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | |||||
CVE-2011-4919 | 1 Mpack Project | 1 Mpack | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users | |||||
CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |||||
CVE-2011-3791 | 1 Matomo | 1 Matomo | 2019-11-21 | 5.0 MEDIUM | N/A |
Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files. | |||||
CVE-2019-19022 | 1 Iterm2 | 1 Iterm2 | 2019-11-19 | 5.0 MEDIUM | 7.5 HIGH |
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories. | |||||
CVE-2017-5803 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2019-11-19 | 7.8 HIGH | 7.5 HIGH |
A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. | |||||
CVE-2012-1158 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export. |