Filtered by CWE-922
Total 220 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-5625 1 Eaton 1 Halo Home 2024-08-04 7.1 High
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.
CVE-2019-5627 1 Bluecats 1 Bc Reveal 2024-08-04 7.8 High
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app.
CVE-2019-5626 1 Bluecats 1 Bluecats Reveal 2024-08-04 7.8 High
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.
CVE-2020-29603 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2024-08-04 4.3 Medium
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
CVE-2020-28911 1 Nagios 1 Fusion 2024-08-04 6.5 Medium
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
CVE-2020-26176 1 Tangro 1 Business Workflow 2024-08-04 4.3 Medium
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them.
CVE-2020-26104 1 Cpanel 1 Cpanel 2024-08-04 7.5 High
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
CVE-2020-15775 1 Gradle 1 Enterprise 2024-08-04 7.5 High
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.
CVE-2020-13937 1 Apache 1 Kylin 2024-08-04 5.3 Medium
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API that exposes Kylin's configuration information without any authentication, which is dangerous because some confidential information entries will be disclosed to everyone.
CVE-2020-9202 1 Huawei 1 Te Mobile 2024-08-04 4.4 Medium
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10, V600R006C10SPC100. Due to the improper storage of some information in certain specific scenarios, an attacker can gain information in the victim's device to launch the attack. A successful exploit could cause information disclosure.
CVE-2020-8481 1 Abb 1 800xa System 2024-08-04 9.8 Critical
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.
CVE-2020-8482 1 Abb 1 Device Library Wizard 2024-08-04 7.8 High
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low-privilege user to read a file that contains confidential data.
CVE-2020-7000 1 Visam 2 Vbase Editor, Vbase Web-remote 2024-08-04 7.5 High
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.
CVE-2020-5262 1 Easybuild Project 1 Easybuild 2024-08-04 7.7 High
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master` + `develop` branches of the `easybuild-framework` repository.
CVE-2020-1493 1 Microsoft 3 365 Apps, Office, Outlook 2024-08-04 5.5 Medium
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links.
CVE-2021-43512 1 Flightradar24 1 Flightradar24 Flight Tracker 2024-08-04 5.5 Medium
An issue discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android allows attackers to cause unspecified consequences because they are able to decompile the local application and extract its API keys.
CVE-2021-42371 1 Xorux 2 Lpar2rrd, Stor2rrd 2024-08-04 9.8 Critical
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
CVE-2021-36786 1 Miniorange 1 Saml 2024-08-04 7.5 High
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVE-2021-36546 1 Kitesky 1 Kitecms 2024-08-04 7.5 High
An Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via the path in the application URL.
CVE-2021-36127 1 Mediawiki 1 Mediawiki 2024-08-04 4.3 Medium
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).