Total
216 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-22469 | 1 Nextcloud | 1 Deck | 2024-08-02 | 5.8 Medium |
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, an unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | ||||
CVE-2023-6460 | 1 Google | 1 Cloud Firestore | 2024-08-02 | 4 Medium |
A potential logging of the Firestore key via logging within nodejs-firestore exists. Developers who were logging objects through this._settings would be logging the Firestore key as well, potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue. | ||||
CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2024-08-02 | 6.0 Medium |
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | ||||
CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2024-08-02 | 6.8 Medium |
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android devices. This allows an attacker with access to the Android device to potentially retrieve users' clear text authentication credentials. | ||||
CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2024-08-02 | 7.5 High |
An anonymous user may get the list of existing users managed by the application, which could ease further attacks (see CVE-2023-3065 and 3066). This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | ||||
CVE-2023-2665 | 1 Rosariosis | 1 Rosariosis | 2024-08-02 | 7.5 High |
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | ||||
CVE-2023-0580 | 1 Abb | 1 My Control System | 2024-08-02 | 5.4 Medium |
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface, System Monitoring1, Asset Inventory. This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | ||||
CVE-2024-38453 | | | 2024-08-02 | 7.5 High |
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. | ||||
CVE-2024-32236 | 1 Cmseasy | 1 Cmseasy | 2024-08-02 | 3.5 Low |
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. | ||||
CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2024-08-02 | 5.5 Medium |
An issue discovered in eProsima FastDDS v.2.14.0 and before allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in the DurabilityService QoS component. | ||||
CVE-2024-29965 | | | 2024-08-02 | 6.8 Medium |
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | ||||
CVE-2024-28132 | | | 2024-08-02 | 4.4 Medium |
Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-22808 | | | 2024-08-01 | 7.5 High |
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | ||||
CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-08-01 | 3.5 Low |
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | ||||
CVE-2024-21826 | | | 2024-08-01 | 4.3 Medium |
In OpenHarmony v3.2.4 and prior versions, a local attacker can cause a sensitive information leak through insecure storage. | ||||
CVE-2024-6295 | | | 2024-08-01 | 3.9 Low |
The udn News Android app stores the unencrypted user session in the local database when the user logs in to the application. A malicious app or an attacker with physical access to the Android device can retrieve this session and use it to log in to the news app and other services provided by udn. | ||||