Total
8699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3819 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. | ||||
| CVE-2023-3705 | 1 Cpplusworld | 6 Cp-vnr-3104, Cp-vnr-3104 Firmware, Cp-vnr-3108 and 3 more | 2024-08-02 | 7.5 High |
| The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | ||||
| CVE-2023-3553 | 1 Teampass | 1 Teampass | 2024-08-02 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2023-3455 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 9.1 Critical |
| Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
| CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 5.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | ||||
| CVE-2023-3231 | 1 Ujcms | 1 Ujcms | 2024-08-02 | 3.1 Low |
| A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2024-08-02 | 7.5 High |
| Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | ||||
| CVE-2023-2991 | 1 Globalscape | 1 Eft Server | 2024-08-02 | 5.3 Medium |
| Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message | ||||
| CVE-2023-2820 | 1 Proofpoint | 1 Threat Response Auto Pull | 2024-08-02 | 6.1 Medium |
| An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | ||||
| CVE-2023-2792 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 6.5 Medium |
| Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command. | ||||
| CVE-2023-2749 | 1 Asustor | 2 Adm, Download Center | 2024-08-02 | 8.6 High |
| Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. | ||||
| CVE-2023-2620 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838. | ||||
| CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 6.7 Medium |
| Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | ||||
| CVE-2023-2487 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2024-08-02 | 5.9 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | ||||
| CVE-2023-2281 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 3.1 Low |
| When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team. | ||||
| CVE-2023-2088 | 1 Redhat | 1 Openstack | 2024-08-02 | 6.5 Medium |
| A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | ||||
| CVE-2023-2025 | 1 Johnsoncontrols | 1 Openblue Enterprise Manager Data Collector | 2024-08-02 | 5 Medium |
| OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. | ||||
| CVE-2023-1998 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-02 | 5.6 Medium |
| The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. | ||||
| CVE-2023-1858 | 1 Earnings And Expense Tracker App Project | 1 Earnings And Expense Tracker App | 2024-08-02 | 4.3 Medium |
| A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability. | ||||
| CVE-2023-1831 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 7.2 High |
| Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config). | ||||