Total
9887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5884 | 1 Std42 | 1 Elfinder | 2024-11-21 | 5.9 Medium |
| php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | ||||
| CVE-2019-5880 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 7.4 High |
| Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-5640 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 3.3 Low |
| Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | ||||
| CVE-2019-5601 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. | ||||
| CVE-2019-5534 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 7.7 High |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | ||||
| CVE-2019-5489 | 3 Linux, Netapp, Redhat | 11 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node and 8 more | 2024-11-21 | N/A |
| The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | ||||
| CVE-2019-5470 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. | ||||
| CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | ||||
| CVE-2019-5463 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | ||||
| CVE-2019-5437 | 1 Harpjs | 1 Harp | 2024-11-21 | N/A |
| Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge. | ||||
| CVE-2019-5073 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2024-11-21 | 5.3 Medium |
| An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2019-5017 | 2 Kcodes, Netgear | 3 Netusb.ko, R8000, R8000 Firmware | 2024-11-21 | 5.3 Medium |
| An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. | ||||
| CVE-2019-5016 | 2 Kcodes, Netgear | 5 Netusb.ko, R7900, R7900 Firmware and 2 more | 2024-11-21 | 9.1 Critical |
| An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability. | ||||
| CVE-2019-4751 | 1 Ibm | 1 Cloud App Management | 2024-11-21 | 5.3 Medium |
| IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311. | ||||
| CVE-2019-4731 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 5.5 Medium |
| IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. | ||||
| CVE-2019-4562 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 5.3 Medium |
| IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623. | ||||
| CVE-2019-4559 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.3 Medium |
| IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355. | ||||
| CVE-2019-4514 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. | ||||
| CVE-2019-4444 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.5 Medium |
| IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453. | ||||
| CVE-2019-4437 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.3 Medium |
| IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947. | ||||