Vulnerabilities (CVE)

Filtered by CWE-200
Total 8190 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11024 1 Moonlight-stream 1 Moonlight 2024-11-21 4.9 MEDIUM 6.1 MEDIUM
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.
CVE-2020-11013 1 Helm 1 Helm 2024-11-21 4.0 MEDIUM 8.5 HIGH
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0
CVE-2020-10997 1 Percona 1 Xtrabackup 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table.
CVE-2020-10976 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 7.5 HIGH
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
CVE-2020-10945 1 Centreon 2 Centreon, Widget-host-monitoring 2024-11-21 3.3 LOW 4.3 MEDIUM
Centreon before 19.10.7 exposes Session IDs in server responses.
CVE-2020-10871 1 Openwrt 1 Luci 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
CVE-2020-10618 1 Lcds 1 Laquis Scada 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users.
CVE-2020-10104 1 Zammad 1 Zammad 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
CVE-2020-10096 1 Zammad 1 Zammad 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache.
CVE-2020-10090 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
CVE-2020-0488 1 Google 1 Android 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516
CVE-2020-0092 1 Google 1 Android 2024-11-21 1.9 LOW 5.0 MEDIUM
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488
CVE-2020-0062 1 Google 1 Android 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031
CVE-2020-0031 1 Google 1 Android 2024-11-21 4.7 MEDIUM 5.0 MEDIUM
In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197
CVE-2020-0029 1 Google 1 Android 2024-11-21 2.1 LOW 2.3 LOW
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828
CVE-2019-9866 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.
CVE-2019-9753 1 Otrs 1 Otrs 2024-11-21 4.0 MEDIUM 3.5 LOW
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.
CVE-2019-9444 1 Google 1 Android 2024-11-21 2.1 LOW 4.4 MEDIUM
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9424 1 Google 1 Android 2024-11-21 4.3 MEDIUM 7.5 HIGH
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092
CVE-2019-9225 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).