Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4630 | 1 Gitlab | 1 Gitlab | 2023-09-13 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. | |||||
| CVE-2023-40622 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-09-13 | N/A | 9.9 CRITICAL |
| SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. | |||||
| CVE-2023-4876 | 1 Hamza417 | 1 Inure | 2023-09-13 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | |||||
| CVE-2023-4877 | 1 Hamza417 | 1 Inure | 2023-09-13 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | |||||
| CVE-2023-40712 | 1 Apache | 1 Airflow | 2023-09-13 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability. | |||||
| CVE-2023-41050 | 1 Zope | 2 Accesscontrol, Zope | 2023-09-13 | N/A | 7.7 HIGH |
| AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-22409 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-09-13 | N/A | 5.3 MEDIUM |
| IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. | |||||
| CVE-2015-4495 | 5 Canonical, Mozilla, Novell and 2 more | 9 Ubuntu Linux, Firefox, Firefox Esr and 6 more | 2023-09-12 | 4.3 MEDIUM | N/A |
| The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
| CVE-2016-4569 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2023-09-12 | 2.1 LOW | 5.5 MEDIUM |
| The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | |||||
| CVE-2016-4482 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2023-09-12 | 2.1 LOW | 6.2 MEDIUM |
| The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | |||||
| CVE-2016-4486 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2023-09-12 | 2.1 LOW | 3.3 LOW |
| The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | |||||
| CVE-2016-4913 | 4 Canonical, Linux, Novell and 1 more | 6 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 3 more | 2023-09-12 | 7.2 HIGH | 7.8 HIGH |
| The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. | |||||
| CVE-2014-1505 | 7 Canonical, Debian, Mozilla and 4 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2023-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. | |||||
| CVE-2016-4485 | 3 Canonical, Linux, Novell | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more | 2023-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. | |||||
| CVE-2023-32271 | 1 Openautomationsoftware | 1 Oas Platform | 2023-09-08 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-09-08 | N/A | 5.3 MEDIUM |
| An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. | |||||
| CVE-2023-23763 | 1 Github | 1 Enterprise Server | 2023-09-07 | N/A | 5.3 MEDIUM |
| An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2022-4343 | 1 Gitlab | 1 Gitlab | 2023-09-07 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | |||||
| CVE-2023-4378 | 1 Gitlab | 1 Gitlab | 2023-09-07 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. | |||||
| CVE-2022-41954 | 1 Mpxj | 1 Mpxj | 2023-09-07 | N/A | 3.3 LOW |
| MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. | |||||