Total
28533 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-1787 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.3 Medium |
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. | ||||
CVE-2023-1751 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-08-02 | 7.5 High |
The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId. | ||||
CVE-2023-1681 | 1 Xunruicms | 1 Xunruicms | 2024-08-02 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability. | ||||
CVE-2023-1710 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 5.3 Medium |
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. | ||||
CVE-2023-1779 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-08-02 | 4.3 Medium |
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Line's mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allows an authorized remote attacker with low privileges to view a limited amount of another account's contact information. | ||||
CVE-2023-1790 | 1 Simple Task Allocation System Project | 1 Simple Task Allocation System | 2024-08-02 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. | ||||
CVE-2023-1680 | 1 Xunruicms | 1 Xunruicms | 2024-08-02 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability. | ||||
CVE-2023-1707 | 1 Hp | 317 Color Laserjet Enterprise 5700 49k98a, Color Laserjet Enterprise 5700 6qn28a, Color Laserjet Enterprise 6700 49l00a and 314 more | 2024-08-02 | 7.5 High |
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. | ||||
CVE-2023-1636 | 2 Openstack, Redhat | 3 Barbican, Openstack, Openstack Platform | 2024-08-02 | 6 Medium |
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | ||||
CVE-2023-1696 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
The multimedia video module has a vulnerability in data processing. Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2023-1677 | 1 Drivergenius | 1 Drivergenius | 2024-08-02 | 5.5 Medium |
A vulnerability was found in DriverGenius 9.70.0.346. It has been rated as problematic. Affected by this issue is the function 0x9c40a0c8/0x9c40a0dc/0x9c40a0e0/0x9c40a0d8/0x9c4060d4/0x9c402004/0x9c402088/0x9c40208c/0x9c4060d0/0x9c4060cc/0x9c4060c4/0x9c402084 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-224234 is the identifier assigned to this vulnerability. | ||||
CVE-2023-1621 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 6.5 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. | ||||
CVE-2023-1625 | 2 Openstack, Redhat | 3 Heat, Openstack, Openstack Platform | 2024-08-02 | 7.4 High |
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | ||||
CVE-2023-1584 | 2 Quarkus, Redhat | 3 Quarkus, Quarkus, Service Registry | 2024-08-02 | 7.5 High |
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens. | ||||
CVE-2023-1542 | 1 Answer | 1 Answer | 2024-08-02 | 5.4 Medium |
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | ||||
CVE-2023-1541 | 1 Answer | 1 Answer | 2024-08-02 | 3.8 Low |
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | ||||
CVE-2023-1526 | 1 Hp | 15 Designjet Z6, Designjet Z6 Firmware, Designjet Z6dr and 12 more | 2024-08-02 | 4.6 Medium |
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. | ||||
CVE-2023-1426 | 1 Keetrax | 1 Wp Tiles | 2024-08-02 | 6.5 Medium |
The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post. | ||||
CVE-2023-1387 | 2 Grafana, Redhat | 2 Grafana, Ceph Storage | 2024-08-02 | 4.2 Medium |
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | ||||
CVE-2023-1369 | 1 Tgsoft | 2 Vir.it Explorer, Viragtlt.sys | 2024-08-02 | 5 Medium |
A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875. |