CVE Vulnerability


CWE-200

CVE-2020-5244

February 26, 2023 by

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.

CVE-2020-5197

February 26, 2023 by

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.

CVE-2020-5220

February 26, 2023 by

Sylius ResourceBundle accepts and uses any serialisation groups passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group – for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle’s controller is affected. The vulnerable versions are: =1.3.0 =1.4.0 =1.5.0 =1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.

CVE-2020-4957

February 26, 2023 by

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.

CVE-2020-4967

February 26, 2023 by

IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

CVE-2020-4913

February 26, 2023 by

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE