Total: 217 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38312 | 1 Mozilla | 1 Firefox | 2024-10-30 | 6.5 Medium |
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127. | ||||
CVE-2024-44222 | 1 Apple | 1 Macos | 2024-10-30 | 3.3 Low |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information. | ||||
CVE-2024-44175 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. | ||||
CVE-2024-44174 | 1 Apple | 1 Macos | 2024-10-30 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen. | ||||
CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2024-10-30 | 5.5 Medium |
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | ||||
CVE-2024-40832 | 1 Apple | 1 Macos | 2024-10-29 | 3.3 Low |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. | ||||
CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-10-29 | 4.6 Medium |
A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data. | ||||
CVE-2024-30132 | | | 2024-10-29 | 3.7 Low |
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. | ||||
CVE-2024-44263 | | | 2024-10-29 | 4 Medium |
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data. | ||||
CVE-2024-44257 | | | 2024-10-29 | 6.2 Medium |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. | ||||
CVE-2024-44216 | | | 2024-10-29 | 6.2 Medium |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data. | ||||
CVE-2023-37521 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2024-10-29 | 2.3 Low |
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | ||||
CVE-2023-37439 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-10-29 | 6.1 Medium |
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-10-29 | 3.3 Low |
Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | ||||
CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-10-29 | 5.1 Medium |
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | ||||
CVE-2024-44275 | | | 2024-10-29 | 3.3 Low |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. | ||||
CVE-2023-41723 | 1 Veeam | 1 One | 2024-10-29 | 4.3 Medium |
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | ||||
CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-10-29 | 4.3 Medium |
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | ||||
CVE-2024-5206 | 1 Scikit-learn | 1 Scikit-learn | 2024-10-24 | 4.7 Medium |
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer. | ||||
CVE-2022-46484 | 1 Ngsurvey | 1 Ngsurvey | 2024-10-17 | 7.5 High |
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. |