Total
8795 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6105 | 3 Linux, Microsoft, Zohocorp | 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more | 2024-11-21 | 5.5 Medium |
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | ||||
CVE-2023-6101 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2024-11-21 | 5.3 Medium |
A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-6100 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2024-11-21 | 5.3 Medium |
A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2024-11-21 | 5.3 Medium |
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | ||||
CVE-2023-6001 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 5.3 Medium |
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. | ||||
CVE-2023-5968 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.9 Medium |
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | ||||
CVE-2023-5920 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-11-21 | 2.9 Low |
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | ||||
CVE-2023-5718 | 1 Vuejs | 1 Devtools | 2024-11-21 | 4.3 Medium |
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. | ||||
CVE-2023-5642 | 1 Advantech | 1 R-seenet | 2024-11-21 | 9.8 Critical |
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | ||||
CVE-2023-5579 | 1 Yzh66 | 1 Sandbox | 2024-11-21 | 3.5 Low |
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144. | ||||
CVE-2023-5552 | 1 Sophos | 1 Firewall | 2024-11-21 | 7.1 High |
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | ||||
CVE-2023-5551 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | ||||
CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
H5P metadata automatically populated the author with the user's username, which could be sensitive information. | ||||
CVE-2023-5516 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.3 Medium |
Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive details. The website unintentionally reveals sensitive information, including technical details such as version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. | ||||
CVE-2023-5515 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.3 Medium |
The responses for web queries with certain parameters disclose the internal path of resources. This information can be used to learn the internal structure of the application and to further plot attacks against web servers and deployed web applications. | ||||
CVE-2023-5339 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 4.7 Medium |
Mattermost Desktop fails to set an appropriate log level during the initial run after a fresh installation, resulting in all keystrokes, including password entry, being logged. | ||||
CVE-2023-5256 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 High |
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. | ||||
CVE-2023-5166 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 8 High |
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | ||||
CVE-2023-5160 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | ||||
CVE-2023-5070 | 1 Ultimatelysocial | 1 Social Media Share Buttons & Social Sharing Icons | 2024-11-21 | 6.5 Medium |
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords. |