Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29987 | | | 2024-06-11 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-26192 | | | 2024-06-11 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-28303 | 1 Microsoft | 2 Snip & Sketch, Snipping Tool | 2024-05-29 | N/A | 3.3 LOW |
| Windows Snipping Tool Information Disclosure Vulnerability | |||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Cli | 2024-05-29 | N/A | 8.6 HIGH |
| Azure CLI REST Command Information Disclosure Vulnerability | |||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2024-05-29 | N/A | 9.8 CRITICAL |
| Visual Studio Code Jupyter Extension Spoofing Vulnerability | |||||
| CVE-2024-30056 | | | 2024-05-28 | N/A | 7.1 HIGH |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-29986 | | | 2024-04-19 | N/A | 5.4 MEDIUM |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-29888 | | | 2024-03-28 | N/A | 4.2 MEDIUM |
| Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | |||||
| CVE-2021-22876 | 8 Broadcom, Debian, Fedoraproject and 5 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2024-03-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | |||||
| CVE-2022-20942 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-01-25 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. | |||||
| CVE-2023-50719 | 1 Xwiki | 1 Xwiki | 2023-12-19 | N/A | 7.5 HIGH |
| XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-26041 | 1 Nextcloud | 1 Nextcloud Talk | 2023-11-07 | N/A | 4.3 MEDIUM |
| Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages were not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that Nextcloud Talk is upgraded to 15.0.3. There are no workarounds available. | |||||
| CVE-2023-34085 | 1 Pingidentity | 1 Pingfederate | 2023-10-31 | N/A | 4.3 MEDIUM |
| When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request. | |||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2023-08-02 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07. | |||||
| CVE-2022-36091 | 1 Xwiki | 1 Xwiki | 2023-07-21 | N/A | 7.5 HIGH |
| XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis at least for string properties. The issue is patched in version 13.10.4 and 14.2. Password properties are no longer displayed and rights are checked for other properties. A workaround is available. The template file `suggest.vm` can be replaced by a patched version without upgrading or restarting XWiki unless it has been overridden, in which case the overridden template should be patched, too. This might need adjustments for older versions, though. | |||||
| CVE-2022-24820 | 1 Xwiki | 1 Xwiki | 2023-07-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | |||||
| CVE-2022-24719 | 1 Fluture-node Project | 1 Fluture-node | 2023-07-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2. | |||||
| CVE-2023-35151 | 1 Xwiki | 1 Xwiki | 2023-06-30 | N/A | 7.5 HIGH |
| XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. | |||||
| CVE-2023-22918 | 1 Zyxel | 102 Atp100, Atp100 Firmware, Atp100w and 99 more | 2023-06-12 | N/A | 6.5 MEDIUM |
| A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | |||||
| CVE-2023-2239 | 1 Microweber | 1 Microweber | 2023-04-28 | N/A | 6.5 MEDIUM |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | |||||
