Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36786 | 1 Miniorange | 1 Saml | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. | |||||
| CVE-2020-4871 | 1 Ibm | 1 Planning Analytics | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. | |||||
| CVE-2020-4650 | 1 Ibm | 1 Maximo Spatial Asset Management | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. | |||||
| CVE-2020-4171 | 1 Ibm | 1 Security Guardium Insights | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | |||||
| CVE-2021-36127 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). | |||||
| CVE-2021-22914 | 1 Citrix | 1 Cloud Connector | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. | |||||
| CVE-2021-28815 | 1 Qnap | 4 Myqnapcloud Link, Qts, Quts Hero and 1 more | 2021-06-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. | |||||
| CVE-2021-20396 | 1 Ibm | 1 Security Qradar Analyst Workflow | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. | |||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. | |||||
| CVE-2021-25402 | 1 Samsung | 1 Notes | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. | |||||
| CVE-2020-5008 | 1 Ibm | 1 Datapower Gateway | 2021-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033. | |||||
| CVE-2021-20575 | 1 Ibm | 2 Application Gateway, Security Verify Access | 2021-06-07 | 2.1 LOW | 3.3 LOW |
| IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. | |||||
| CVE-2020-28911 | 1 Nagios | 1 Fusion | 2021-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | |||||
| CVE-2020-4765 | 1 Ibm | 1 Cloud Pak For Multicloud Management | 2021-05-26 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. | |||||
| CVE-2021-20391 | 1 Ibm | 1 Qradar User Behavior Analytics | 2021-05-20 | 2.1 LOW | 3.3 LOW |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. | |||||
| CVE-2020-4726 | 1 Ibm | 1 Cloud Application Performance Management | 2021-03-08 | 2.1 LOW | 3.3 LOW |
| The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | |||||
| CVE-2021-27170 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | |||||
| CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | |||||
| CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | |||||
| CVE-2020-4674 | 1 Ibm | 1 Workload Automation | 2021-01-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||||