CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2019-5437 200 +Info 2019-05-10 2019-10-09
5.0
None Remote Low Not required Partial None None
Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.
352 CVE-2019-5418 200 +Info 2019-03-27 2019-10-11
5.0
None Remote Low Not required Partial None None
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
353 CVE-2019-5415 200 +Info 2019-03-21 2019-10-09
5.0
None Remote Low Not required Partial None None
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
354 CVE-2019-5407 200 +Info 2019-08-09 2019-08-16
6.5
None Remote Low Single system Partial Partial Partial
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
355 CVE-2019-5394 200 +Info 2019-06-05 2019-06-06
4.9
None Local High Multiple systems Partial Partial Complete
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
356 CVE-2019-5392 200 +Info 2019-06-05 2019-09-23
5.0
None Remote Low Not required Partial None None
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
357 CVE-2019-5301 200 +Info 2019-08-08 2019-08-15
4.3
None Remote Medium Not required Partial None None
Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information.
358 CVE-2019-5281 200 +Info 2019-06-04 2019-06-05
2.1
None Local Low Not required Partial None None
There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations.
359 CVE-2019-5244 200 +Info 2019-06-04 2019-06-05
4.3
None Remote Medium Not required Partial None None
Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.
360 CVE-2019-5239 200 +Info 2019-08-08 2019-08-16
4.3
None Remote Medium Not required Partial None None
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information.
361 CVE-2019-5222 200 +Info 2019-07-17 2019-07-24
4.3
None Remote Medium Not required Partial None None
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure.
362 CVE-2019-5217 200 +Info 2019-06-04 2019-06-05
2.1
None Local Low Not required Partial None None
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
363 CVE-2019-5065 200 +Info 2019-09-05 2019-09-06
5.0
None Remote Low Not required Partial None None
An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.
364 CVE-2019-5017 200 +Info 2019-06-17 2019-06-20
5.0
None Remote Low Not required Partial None None
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.
365 CVE-2019-5016 200 DoS +Info 2019-06-17 2019-06-20
6.4
None Remote Low Not required Partial None Partial
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
366 CVE-2019-4538 601 +Info 2019-10-02 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.
367 CVE-2019-4505 200 +Info 2019-09-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
368 CVE-2019-4485 200 +Info 2019-08-20 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
369 CVE-2019-4484 200 +Info 2019-08-20 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
370 CVE-2019-4477 200 +Info 2019-09-17 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.
371 CVE-2019-4441 209 +Info 2019-10-03 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
372 CVE-2019-4437 200 +Info 2019-08-20 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.
373 CVE-2019-4425 200 +Info 2019-08-20 2019-10-09
3.5
None Remote Medium Single system Partial None None
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.
374 CVE-2019-4420 200 +Info 2019-08-20 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
375 CVE-2019-4385 200 +Info 2019-06-19 2019-06-27
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
376 CVE-2019-4382 200 +Info 2019-06-25 2019-06-26
5.0
None Remote Low Not required Partial None None
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
377 CVE-2019-4381 255 +Info 2019-06-14 2019-06-18
2.1
None Local Low Not required Partial None None
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.
378 CVE-2019-4377 200 +Info 2019-06-25 2019-06-28
4.0
None Remote Low Single system Partial None None
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.
379 CVE-2019-4369 200 +Info 2019-06-28 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161807.
380 CVE-2019-4337 200 +Info 2019-07-01 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.
381 CVE-2019-4308 200 +Info 2019-08-20 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
382 CVE-2019-4305 565 +Info 2019-09-30 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.
383 CVE-2019-4299 532 +Info 2019-07-01 2019-10-09
1.9
None Local Medium Not required Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.
384 CVE-2019-4296 534 +Info 2019-07-01 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.
385 CVE-2019-4295 200 +Info 2019-07-01 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.
386 CVE-2019-4293 200 +Info 2019-05-20 2019-05-24
5.0
None Remote Low Not required Partial None None
IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699.
387 CVE-2019-4280 200 +Info 2019-09-30 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.
388 CVE-2019-4269 200 +Info 2019-06-28 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.
389 CVE-2019-4264 295 +Info 2019-05-29 2019-06-03
4.3
None Remote Medium Not required Partial None None
IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.
390 CVE-2019-4263 200 +Info File Inclusion 2019-07-11 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.
391 CVE-2019-4260 200 +Info 2019-07-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.
392 CVE-2019-4259 200 +Info 2019-05-13 2019-10-09
2.1
None Local Low Not required Partial None None
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
393 CVE-2019-4257 200 +Info 2019-06-06 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.
394 CVE-2019-4246 200 +Info 2019-10-01 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.
395 CVE-2019-4235 200 +Info 2019-06-26 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
396 CVE-2019-4222 200 +Info 2019-04-25 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.
397 CVE-2019-4219 200 +Info 2019-06-06 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228.
398 CVE-2019-4218 200 +Info 2019-06-06 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.
399 CVE-2019-4207 200 +Info 2019-05-07 2019-10-09
2.1
None Local Low Not required Partial None None
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.
400 CVE-2019-4201 601 +Info 2019-06-05 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.