Total
9580 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10750 | 2 Linuxfoundation, Redhat | 2 Jaeger, Jaeger | 2024-11-21 | 7.1 High |
| Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials. | ||||
| CVE-2020-10698 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 3.3 Low |
| A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6. | ||||
| CVE-2020-10618 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 5.5 Medium |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. | ||||
| CVE-2020-10291 | 1 Kuka | 1 Visual Components Network License Server | 2024-11-21 | 7.5 High |
| Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listensfor packets over UDP port 5093. No authentication/authorization is required in order to communicate with theserver. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructurefor the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitivesystem information that could be leveraged for further exploitation without any kind of authentication. Thisinformation includes detailed hardware and OS characteristics.After a decryption process, a textual protocol is found which contains a simple header with the requested command,application-identifier, and some arguments. The protocol leaks information regarding the receiving serverinformation, license information and managing licenses, among others.Through this flaw, attackers can retreive information about a KUKA simulation system, particularly, the version ofthe licensing server, which is connected to the simulator, and which will allow them to launch local simulationswith similar characteristics, further understanding the dynamics of motion virtualization and opening doors toother attacks (see RVDP#711 and RVDP#712 for subsequent vulnerabilities that compromise integrity andavailability).Beyond compromising simulations, Visual Components provides capabilities to interface with industrial machinery.Particularly, their PLC Connectivity feature 'makes it easy' to connect simulations with control systems usingeither the industry standard OPC UA or other supported vendor specific interfaces. This fills the gap of jumpingfrom simulation to real and enables attackers to pivot from the Visual Components simulator to robots or otherIndustrial Control System (ICS) devices, such as PLCs. | ||||
| CVE-2020-10274 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2024-11-21 | 7.1 High |
| The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database. | ||||
| CVE-2020-10264 | 1 Universal-robots | 7 Ur10, Ur10e, Ur3 and 4 more | 2024-11-21 | 8.8 High |
| CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible | ||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2024-11-21 | 5.3 Medium |
| IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | ||||
| CVE-2020-10104 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL. | ||||
| CVE-2020-10096 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache. | ||||
| CVE-2020-10090 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | ||||
| CVE-2020-0549 | 6 Canonical, Debian, Fedoraproject and 3 more | 863 Ubuntu Linux, Debian Linux, Fedora and 860 more | 2024-11-21 | 5.5 Medium |
| Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-0548 | 2 Intel, Redhat | 859 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 856 more | 2024-11-21 | 5.5 Medium |
| Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-0488 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516 | ||||
| CVE-2020-0427 | 5 Debian, Google, Opensuse and 2 more | 6 Debian Linux, Android, Leap and 3 more | 2024-11-21 | 5.5 Medium |
| In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 | ||||
| CVE-2020-0092 | 1 Google | 1 Android | 2024-11-21 | 5.0 Medium |
| In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 | ||||
| CVE-2020-0062 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031 | ||||
| CVE-2020-0031 | 1 Google | 1 Android | 2024-11-21 | 5.0 Medium |
| In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197 | ||||
| CVE-2020-0029 | 1 Google | 1 Android | 2024-11-21 | 2.3 Low |
| In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828 | ||||
| CVE-2019-9866 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. | ||||
| CVE-2019-9849 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.3 Medium |
| LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. | ||||