Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27127 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-13 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-27132 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-13 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-27133 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-13 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-27134 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-13 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-26085 | 1 Cisco | 1 Jabber | 2024-11-12 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1129 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2024-11-12 | 5.3 Medium |
| A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure. | ||||
| CVE-2021-1128 | 1 Cisco | 1 Ios Xr | 2024-11-08 | 5.5 Medium |
| A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. | ||||
| CVE-2024-50378 | 2024-11-08 | 4.9 Medium | ||
| Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table. | ||||
| CVE-2021-34771 | 1 Cisco | 1 Ios Xr | 2024-11-07 | 5.5 Medium |
| A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. | ||||
| CVE-2023-2620 | 1 Gitlab | 1 Gitlab | 2024-11-06 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838. | ||||
| CVE-2024-22371 | 1 Redhat | 1 Openshift Serverless | 2024-10-31 | 2.9 Low |
| Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | ||||
| CVE-2024-49235 | 1 Videowhisper | 1 Contact Forms Live Support Crm Video Messages Plugin | 2024-10-18 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. | ||||
| CVE-2024-47128 | 1 Gotenna | 2 Gotenna Pro, Pro App | 2024-10-17 | 4.3 Medium |
| The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. | ||||
| CVE-2024-43814 | 1 Gotenna | 1 Gotenna | 2024-10-17 | 4.3 Medium |
| The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. It is advised to verify PLI settings are the desired rate and activate encryption prior to mission. Update to the latest Plugin to disable this default setting. | ||||
| CVE-2024-41931 | 1 Gotenna | 1 Gotenna | 2024-10-17 | 4.3 Medium |
| The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. | ||||
| CVE-2023-3299 | 1 Hashicorp | 1 Nomad | 2024-10-17 | 3.4 Low |
| HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | ||||
| CVE-2024-6747 | 1 Checkmk | 1 Checkmk | 2024-10-15 | 5.3 Medium |
| Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | ||||
| CVE-2023-3949 | 1 Gitlab | 1 Gitlab | 2024-10-10 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members. | ||||
| CVE-2023-49261 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-10-10 | 7.5 High |
| The "tokenKey" value used in user authorization is visible in the HTML source of the login page. | ||||
| CVE-2023-4378 | 1 Gitlab | 1 Gitlab | 2024-10-09 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. | ||||