Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1968 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2023-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. | |||||
| CVE-2023-0901 | 1 Pixelfed | 1 Pixelfed | 2023-02-28 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
| CVE-2022-2827 | 1 Ami | 1 Megarac Sp-x | 2023-02-28 | N/A | 7.5 HIGH |
| AMI MegaRAC User Enumeration Vulnerability | |||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2023-02-24 | N/A | 6.5 MEDIUM |
| Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | |||||
| CVE-2021-3773 | 4 Fedoraproject, Linux, Oracle and 1 more | 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | |||||
| CVE-2016-3201 | 1 Microsoft | 4 Edge, Windows 10, Windows 8.1 and 1 more | 2023-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215. | |||||
| CVE-2022-45454 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2023-02-23 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2019-5463 | 1 Gitlab | 1 Gitlab | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2020-6812 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | |||||
| CVE-2018-0140 | 1 Cisco | 19 Content Security Management Appliance, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M390 and 16 more | 2023-02-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. | |||||
| CVE-2015-2774 | 3 Erlang, Opensuse, Oracle | 3 Erlang/otp, Opensuse, Solaris | 2023-02-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | |||||
| CVE-2023-21435 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. | |||||
| CVE-2023-25164 | 1 Tina | 1 Tinacms | 2023-02-18 | N/A | 7.5 HIGH |
| Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (eg. Algolia API keys) you should rotate those keys immediately. This issue has been patched in @tinacms/cli@1.0.9. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-25165 | 1 Helm | 1 Helm | 2023-02-16 | N/A | 4.3 MEDIUM |
| Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. | |||||
| CVE-2022-46650 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2023-02-16 | N/A | 4.9 MEDIUM |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2023-02-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2015-8393 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. | |||||
| CVE-2020-35568 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2023-02-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account. | |||||
| CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-23624 | 1 Discourse | 1 Discourse | 2023-02-14 | N/A | 5.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use. | |||||
