CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2020-04-03
Medium
CVE-2020-7000

Vendor: Visam
Software: Vbase editor
 

 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.

 
2020-03-19
Low
CVE-2020-5262

Vendor: Easybuild project
Software: Easybuild
 

 
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.

 
2020-03-03
Low
CVE-2020-4197

Vendor: IBM
Software: Tivoli netco...
 

 
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.

 
2020-02-10
Medium
CVE-2019-20060

Vendor: Mfscripts
Software: Yetishare
 

 
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.

 
2020-01-15
Low
CVE-2020-2095

Vendor: Jenkins
Software: Redgate sql ...
 

 
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

 
2019-11-25
Low
CVE-2019-13719

Vendor: Google
Software: Chrome
 

 
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

 
Low
CVE-2019-13717

Vendor: Google
Software: Chrome
 

 
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

 
2019-10-10
Low
CVE-2019-4265

Vendor: IBM
Software: Maximo anywhere
 

 
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.

 
2019-10-02
Medium
CVE-2019-4549

Vendor: IBM
Software: Security dir...
 

 
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.

 
2019-10-01
Medium
CVE-2019-14957

Vendor: Jetbrains
Software: VIM
 

 
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top