Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4673 | 1 Ibm | 1 Workload Automation | 2021-01-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||||
| CVE-2020-9202 | 1 Huawei | 1 Te Mobile | 2020-12-28 | 2.1 LOW | 4.4 MEDIUM |
| There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. | |||||
| CVE-2020-26176 | 1 Tangro | 1 Business Workflow | 2020-12-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. | |||||
| CVE-2020-4906 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2020-12-17 | 2.1 LOW | 3.3 LOW |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2019-3684 | 1 Suse | 1 Manager | 2020-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem | |||||
| CVE-2019-19557 | 1 Harman | 1 Hermes | 2020-11-29 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2019-19561 | 1 Harman | 1 Hermes | 2020-11-29 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2020-4886 | 1 Ibm | 1 Infosphere Information Server | 2020-11-17 | 2.1 LOW | 3.3 LOW |
| IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. | |||||
| CVE-2019-8790 | 1 Apple | 1 Swift | 2020-11-03 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | |||||
| CVE-2020-13937 | 1 Apache | 1 Kylin | 2020-10-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | |||||
| CVE-2019-5633 | 1 Belwith-keeler | 1 Hickory Smart | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions. | |||||
| CVE-2019-5632 | 1 Belwith-keeler | 1 Hickory Smart | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | |||||
| CVE-2020-4315 | 1 Ibm | 1 Business Automation Content Analyzer On Cloud | 2020-10-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234. | |||||
| CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | |||||
| CVE-2020-4344 | 1 Ibm | 1 Tivoli Business Service Manager | 2020-09-15 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | |||||
| CVE-2019-4695 | 1 Ibm | 1 Guardium Data Encryption | 2020-08-28 | 2.1 LOW | 3.3 LOW |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. | |||||
| CVE-2019-12911 | 1 Rdbrck | 1 Shift | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2019-12914 | 1 Rdbrck | 1 Shift | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | |||||
| CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 2.1 LOW | 3.3 LOW |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||||