CVE-2019-12902 2019-06-24 4.0
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.
CVE-2019-12814 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-06-23 4.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar...
CVE-2016-3954 1 Web2py 1 Web2py 2019-06-21 2.1
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
CVE-2019-12903 2019-06-21 4.0
Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as part of the error message, exposing sensitive information.
CVE-2018-15665 1 Cloudera 1 Data Science Workbench 2019-06-21 5.0
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts.
CVE-2019-11271 2019-06-21 2.1
Cloud Foundry BOSH 270.x versions prior to v270.1.1 contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a...
CVE-2017-1107 1 Ibm 1 Marketing Platform 2019-06-21 4.0
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.
CVE-2017-8337 1 Securifi 3 Almond+ Firmware, Almond 2015 Firmware, Almond Firmware 2019-06-21 6.8
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not...
CVE-2019-11233 2019-06-21 5.0
EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the...
CVE-2018-2008 1 Ibm 1 Tririga Application Platform 2019-06-21 4.0
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.
CVE-2019-5017 2 Kcodes, Netgear 2 Netusb.ko, R8000 Firmware 2019-06-21 5.0
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An...
CVE-2019-2004 1 Google 1 Android 2019-06-21 4.9
In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there is uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2019-5016 2 Kcodes, Netgear 3 Netusb.ko, R7900 Firmware, R8000 Firmware 2019-06-20 6.4
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A...
CVE-2017-10719 1 Ishekar 1 Endoscope Camera Firmware 2019-06-20 4.0
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera...
CVE-2017-8533 1 Microsoft 8 Office, Windows Server 2012, Windows Server 2016 and 5 more 2019-06-20 4.3
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics...
CVE-2019-12209 1 Yubico 1 Pam-u2f 2019-06-20 5.0
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system...
CVE-2019-3886 2 Redhat, Opensuse 2 Libvirt, Leap 2019-06-19 4.8
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by...
CVE-2019-4385 2019-06-19 2.1
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
CVE-2019-0093 2019-06-19 2.1
Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05. may allow a privileged user to potentially enable...
CVE-2019-0174 1 Intel 188 2000e Firmware, 2002e Firmware, 2950m Firmware and 185 more 2019-06-19 2.1
Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.