CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2020-11-13
Low
CVE-2020-4886

Vendor: IBM
Software: Infosphere i...
 

 
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.

 
2020-10-29
Low
CVE-2020-11484

Updating...
 

 
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.

 
2020-10-28
Medium
CVE-2020-25966

Vendor: Sectona
Software: Spectra
 

 
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value.

 
2020-10-27
Low
CVE-2019-8898

Vendor: Apple
Software: Itunes
 

 
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.

 
Low
CVE-2019-8799

Vendor: Apple
Software: Ipados
 

 
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.

 
Low
CVE-2019-8790

Vendor: Apple
Software: Swift
 

 
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.

 
2020-10-14
Low
CVE-2020-0422

Vendor: Google
Software: Android
 

 
In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556

 
2020-09-25
Medium
CVE-2020-26104

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).

 
2020-09-18
Medium
CVE-2020-15775

Vendor: Gradle
Software: Enterprise
 

 
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics.

 
2020-09-15
Low
CVE-2020-4344

Vendor: IBM
Software: Tivoli busin...
 

 
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top