Filtered by CWE-200
Total 8768 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-27830 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-09-25 6.5 Medium
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2023-36551 1 Fortinet 1 Fortisiem 2024-09-24 4.2 Medium
A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.
CVE-2021-44172 1 Fortinet 1 Forticlient Endpoint Management Server 2024-09-24 3.6 Low
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
CVE-2024-46987 1 Tuzitio 1 Camaleon Cms 2024-09-24 7.7 High
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-5166 1 Docker 1 Docker Desktop 2024-09-24 8 High
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
CVE-2023-38718 1 Ibm 1 Robotic Process Automation 2024-09-24 3.7 Low
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.
CVE-2023-40368 1 Ibm 1 Storage Protect 2024-09-24 4.4 Medium
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.
CVE-2023-1633 2 Openstack, Redhat 3 Barbican, Openstack, Openstack Platform 2024-09-24 6.6 Medium
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
CVE-2023-40049 1 Progress 1 Ws Ftp Server 2024-09-24 5.3 Medium
In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
CVE-2023-3640 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-09-23 7 High
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
CVE-2023-42820 1 Fit2cloud 1 Jumpserver 2024-09-23 7 High
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.
CVE-2023-41321 1 Glpi-project 1 Glpi 2024-09-23 4.9 Medium
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-23958 1 Symantec 1 Protection Engine 2024-09-23 6.8 Medium
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.
CVE-2023-41323 1 Glpi-project 1 Glpi 2024-09-23 5.3 Medium
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-5256 1 Drupal 1 Drupal 2024-09-23 7.5 High
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.
CVE-2024-7557 1 Redhat 2 Openshift Ai, Openshift Data Science 2024-09-23 8.8 High
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
CVE-2022-47892 1 Riello-ups 2 Netman 204, Netman 204 Firmware 2024-09-23 5.3 Medium
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
CVE-2024-31490 1 Fortinet 1 Fortisandbox 2024-09-20 4.2 Medium
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.
CVE-2024-46938 1 Sitecore 3 Experience Commerce, Experience Manager, Experience Platform 2024-09-20 7.5 High
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
CVE-2024-8780 1 Syscomgo 1 Omflow 2024-09-20 6.5 Medium
OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.