Total
8699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38245 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-02 | 5.5 Medium |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. | ||||
| CVE-2023-38062 | 1 Jetbrains | 1 Teamcity | 2024-08-02 | 4.3 Medium |
| In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations | ||||
| CVE-2023-38133 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-02 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. | ||||
| CVE-2023-37972 | 1 Multivendorx | 1 Product Stock Manager \& Notifier For Woocommerce | 2024-08-02 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | ||||
| CVE-2023-37868 | 1 Leap13 | 1 Premium Addons | 2024-08-02 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0. | ||||
| CVE-2023-37916 | 1 Fit2cloud | 1 Kubepi | 2024-08-02 | 6.5 Medium |
| KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37484 | 1 Sap | 1 Powerdesigner | 2024-08-02 | 5.3 Medium |
| SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. | ||||
| CVE-2023-37486 | 1 Sap | 2 Commerce Cloud, Commerce Hycom | 2024-08-02 | 5.9 Medium |
| Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application. | ||||
| CVE-2023-37487 | 1 Sap | 1 Business One | 2024-08-02 | 5.3 Medium |
| SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | ||||
| CVE-2024-29883 | 2024-08-02 | 4.9 Medium | ||
| CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it. | ||||
| CVE-2023-37239 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
| Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. | ||||
| CVE-2023-37379 | 1 Apache | 1 Airflow | 2024-08-02 | 8.1 High |
| Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. | ||||
| CVE-2023-37263 | 1 Strapi | 1 Strapi | 2024-08-02 | 6.8 Medium |
| Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. | ||||
| CVE-2023-36926 | 1 Sap | 1 Host Agent | 2024-08-02 | 3.7 Low |
| Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability. | ||||
| CVE-2023-36908 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-08-02 | 6.5 Medium |
| Windows Hyper-V Information Disclosure Vulnerability | ||||
| CVE-2023-36817 | 1 Kingstemple | 1 The King\'s Temple Church Website | 2024-08-02 | 7.5 High |
| `tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | ||||
| CVE-2023-36763 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-02 | 7.5 High |
| Microsoft Outlook Information Disclosure Vulnerability | ||||
| CVE-2023-36551 | 1 Fortinet | 1 Fortisiem | 2024-08-02 | 4.2 Medium |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. | ||||
| CVE-2023-36523 | 1 Gopiplus | 1 Email Download Link | 2024-08-02 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7. | ||||
| CVE-2023-36507 | 1 Reputeinfosystems | 1 Bookingpress | 2024-08-02 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64. | ||||