Total
193 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34765 | 1 Cisco | 1 Nexus Insights | 2021-09-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information. | |||||
| CVE-2019-7305 | 3 Canonical, Debian, Extplorer | 3 Ubuntu Linux, Debian Linux, Extplorer | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian | |||||
| CVE-2021-36233 | 1 Unit4 | 1 Mik.starlight | 2021-09-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path. | |||||
| CVE-2021-1512 | 1 Cisco | 22 Sd-wan Vbond Orchestrator, Sd-wan Vmanage, Vedge-100b and 19 more | 2021-08-27 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system. | |||||
| CVE-2020-22124 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. | |||||
| CVE-2021-38711 | 1 Gitit Project | 1 Gitit | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. | |||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script. | |||||
| CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | |||||
| CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | |||||
| CVE-2021-32752 | 1 Ethercreative | 1 Logs | 2021-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access. | |||||
| CVE-2020-10105 | 1 Zammad | 1 Zammad | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html) | |||||
| CVE-2019-19018 | 1 Titanhq | 1 Webtitan | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using. | |||||
| CVE-2019-19843 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | |||||
| CVE-2019-20529 | 1 Frappe | 1 Frappe | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | |||||
| CVE-2019-20593 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). | |||||
| CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | |||||
| CVE-2019-4398 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. | |||||
| CVE-2019-7306 | 2 Byobu, Canonical | 2 Byobu, Ubuntu Linux | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu | |||||
| CVE-2020-24312 | 1 Webdesi9 | 1 File Manager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. | |||||
| CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
| The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||