Vulnerabilities (CVE)

Filtered by CWE-200
Total 8186 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19256 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.
CVE-2019-19254 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
CVE-2019-19091 1 Hitachienergy 1 Esoms 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
CVE-2019-19022 1 Iterm2 1 Iterm2 2024-11-21 5.0 MEDIUM 7.5 HIGH
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
CVE-2019-19007 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 9.0 HIGH 7.2 HIGH
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.
CVE-2019-19000 1 Hitachienergy 1 Esoms 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
CVE-2019-18987 1 Mediawiki 1 Abusefilter 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
CVE-2019-18867 1 Blaauwproducts 1 Remote Kiln Control 2024-11-21 5.0 MEDIUM 7.5 HIGH
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.
CVE-2019-18679 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
CVE-2019-18660 5 Canonical, Fedoraproject, Linux and 2 more 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more 2024-11-21 1.9 LOW 4.7 MEDIUM
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
CVE-2019-18612 1 Mediawiki 1 Abusefilter 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.
CVE-2019-18611 1 Mediawiki 1 Checkuser 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.
CVE-2019-18461 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.
CVE-2019-18460 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
CVE-2019-18335 1 Siemens 1 Sppa-t3000 Application Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-18334 1 Siemens 1 Sppa-t3000 Application Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-18333 1 Siemens 1 Sppa-t3000 Application Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-18331 1 Siemens 1 Sppa-t3000 Application Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-18287 1 Siemens 1 Sppa-t3000 Application Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-18286 1 Siemens 1 Sppa-t3000 Application Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.