Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10156 | 2 Debian, Redhat | 4 Debian Linux, Ansible, Ansible Engine and 1 more | 2024-11-21 | 5.4 Medium |
| A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. | ||||
| CVE-2019-10109 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present). | ||||
| CVE-2019-10083 | 1 Apache | 1 Nifi | 2024-11-21 | 5.3 Medium |
| When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to. | ||||
| CVE-2019-1010299 | 1 Rust-lang | 1 Rust | 2024-11-21 | 5.3 Medium |
| The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. | ||||
| CVE-2019-1010283 | 1 Univention | 1 Univention Corporate Server | 2024-11-21 | 7.5 High |
| Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later. | ||||
| CVE-2019-1010025 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. | ||||
| CVE-2019-1010024 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | ||||
| CVE-2019-1003021 | 1 Jenkins | 1 Openid Connect Authentication | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | ||||
| CVE-2019-1003018 | 1 Jenkins | 1 Github Oauth | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | ||||
| CVE-2019-0647 | 1 Microsoft | 1 Team Foundation Server | 2024-11-21 | N/A |
| An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team. | ||||
| CVE-2019-0545 | 2 Microsoft, Redhat | 12 .net Core, .net Framework, Windows 10 and 9 more | 2024-11-21 | N/A |
| An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. | ||||
| CVE-2019-0405 | 1 Sap | 1 Enable Now | 2024-11-21 | 7.5 High |
| SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | ||||
| CVE-2019-0390 | 1 Sap | 1 Diagnostics Agent | 2024-11-21 | 4.3 Medium |
| Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users. | ||||
| CVE-2019-0352 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 7.5 High |
| In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. | ||||
| CVE-2019-0338 | 1 Sap | 1 Gateway | 2024-11-21 | N/A |
| During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure. | ||||
| CVE-2019-0202 | 1 Apache | 1 Storm | 2024-11-21 | N/A |
| The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. | ||||
| CVE-2019-0174 | 1 Intel | 376 2000e, 2000e Firmware, 2002e and 373 more | 2024-11-21 | N/A |
| Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access. | ||||
| CVE-2019-0162 | 1 Intel | 1 - | 2024-11-21 | N/A |
| Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0117 | 2 Intel, Redhat | 331 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 328 more | 2024-11-21 | 4.4 Medium |
| Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0048 | 1 Juniper | 20 Ex4300-24p, Ex4300-24p-s, Ex4300-24t and 17 more | 2024-11-21 | 5.8 Medium |
| On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command 'show firewall filter' can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series. | ||||