Total: 7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45219 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-10-18 | N/A | 4.4 MEDIUM |
| Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas/pqs | 2023-10-17 | 1.7 LOW | 6.7 MEDIUM |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||||
| CVE-2016-5849 | 1 Siemens | 1 Sicam Pas/pqs | 2023-10-17 | 1.9 LOW | 2.5 LOW |
| Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | |||||
| CVE-2023-44097 | 1 Huawei | 2 Emui, Harmonyos | 2023-10-16 | N/A | 7.5 HIGH |
| Vulnerability of the permission to access device SNs being improperly managed. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-27434 | 2 Microsoft, Unified-automation | 2 .net Framework, .net Based Opc Ua Client/server Sdk | 2023-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||||
| CVE-2022-34674 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2023-10-15 | N/A | 6.1 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | |||||
| CVE-2023-30804 | 1 Sangfor | 1 Next-gen Application Firewall | 2023-10-13 | N/A | 6.5 MEDIUM |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | |||||
| CVE-2023-42475 | 1 Sap | 1 S/4hana | 2023-10-11 | N/A | 4.3 MEDIUM |
| The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality. | |||||
| CVE-2022-34355 | 1 Ibm | 2 Collaborative Lifecycle Management, Engineering Lifecycle Management | 2023-10-10 | N/A | 5.5 MEDIUM |
| IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | |||||
| CVE-2019-5640 | 1 Rapid7 | 1 Nexpose | 2023-10-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. | |||||
| CVE-2021-32050 | 1 Mongodb | 5 C++, C Driver, Node.js and 2 more | 2023-10-06 | N/A | 7.5 HIGH |
| Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). | |||||
| CVE-2022-22447 | 1 Ibm | 1 Disconnected Log Collector | 2023-10-05 | N/A | 7.5 HIGH |
| IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. | |||||
| CVE-2023-5256 | 1 Drupal | 1 Drupal | 2023-10-05 | N/A | 7.5 HIGH |
| In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. | |||||
| CVE-2022-0850 | 1 Linux | 1 Linux Kernel | 2023-10-05 | N/A | 7.1 HIGH |
| A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. | |||||
| CVE-2023-3349 | 1 Ayesa | 1 Ibermatica Rps | 2023-10-05 | N/A | 7.5 HIGH |
| Information exposure vulnerability in IBERMATICA RPS 2019, whose exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. | |||||
| CVE-2022-47892 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2023-10-04 | N/A | 7.5 HIGH |
| All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. | |||||
| CVE-2023-5160 | 1 Mattermost | 1 Mattermost | 2023-10-04 | N/A | 4.3 MEDIUM |
| Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | |||||
| CVE-2023-3413 | 1 Gitlab | 1 Gitlab | 2023-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | |||||
| CVE-2023-4532 | 1 Gitlab | 1 Gitlab | 2023-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | |||||
| CVE-2023-3979 | 1 Gitlab | 1 Gitlab | 2023-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for upstream members collaborating with you on your branch to get permission to write to the merge request's source branch. | |||||
