Total
646 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34725 | 1 Jaycar | 2 La5570, La5570 Firmware | 2024-08-02 | 6.8 Medium |
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. | ||||
CVE-2023-34467 | 1 Xwiki | 1 Xwiki | 2024-08-02 | 7.5 High |
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | ||||
CVE-2023-34250 | 1 Discourse | 1 Discourse | 2024-08-02 | 4.8 Medium |
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | ||||
CVE-2023-34189 | 1 Apache | 1 Inlong | 2024-08-02 | 6.5 Medium |
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it. | ||||
CVE-2023-34114 | 1 Zoom | 1 Zoom | 2024-08-02 | 7.4 High |
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
CVE-2023-33518 | 1 Emoncms | 1 Emoncms | 2024-08-02 | 5.3 Medium |
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | ||||
CVE-2023-33510 | 1 Jeecg P3 Biz Chat Project | 1 Jeecg P3 Biz Chat | 2024-08-02 | 7.5 High |
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | ||||
CVE-2023-33368 | 1 Assaabloy | 1 Control Id Idsecure | 2024-08-02 | 6.5 Medium |
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | ||||
CVE-2023-33293 | 1 Kaiostech | 1 Kaios | 2024-08-02 | 5.3 Medium |
An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. | ||||
CVE-2023-32760 | 1 Archerirm | 1 Archer | 2024-08-02 | 7.7 High |
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. | ||||
CVE-2023-32759 | 1 Archerirm | 1 Archer | 2024-08-02 | 7.5 High |
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | ||||
CVE-2023-32613 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-08-02 | 8.1 High |
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. | ||||
CVE-2023-32550 | 1 Canonical | 1 Landscape | 2024-08-02 | 9.3 Critical |
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | ||||
CVE-2023-32394 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 2.4 Low |
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen. | ||||
CVE-2023-29820 | 1 Webroot | 1 Secureanywhere | 2024-08-02 | 5.5 Medium |
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819. | ||||
CVE-2023-32019 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2024-08-02 | 4.7 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2023-32016 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 5.5 Medium |
Windows Installer Information Disclosure Vulnerability | ||||
CVE-2023-31818 | 1 Marukyu | 1 Marukyu Line | 2024-08-02 | 7.5 High |
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
CVE-2023-31206 | 1 Apache | 1 Inlong | 2024-08-02 | 7.5 High |
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 | ||||
CVE-2023-31103 | 1 Apache | 1 Inlong | 2024-08-02 | 7.5 High |
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it. |