Search Results (8076 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6573 | 1 Hp | 1 Oneview | 2024-11-21 | 5.5 Medium |
| HPE OneView may have a missing passphrase during restore. | ||||
| CVE-2023-6460 | 1 Google | 1 Cloud Firestore | 2024-11-21 | 4 Medium |
| A potential logging of the firestore key via logging within nodejs-firestore exists. Developers who were logging objects through this._settings would be logging the firestore key as well, potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue. | ||||
| CVE-2023-6375 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | 5.3 Medium |
| Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | ||||
| CVE-2023-6287 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2024-11-21 | 3.3 Low |
| Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords via reading log files. | ||||
| CVE-2023-6254 | 1 Otrs | 1 Otrs | 2024-11-21 | 8.1 High |
| A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37. | ||||
| CVE-2023-6114 | 1 Awesomemotive | 1 Duplicator | 2024-11-21 | 7.5 High |
| The Duplicator WordPress plugin before 1.5.7.1 and the Duplicator Pro WordPress plugin before 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | ||||
| CVE-2023-6069 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 9.9 Critical |
| Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. | ||||
| CVE-2023-6014 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement. | ||||
| CVE-2023-5834 | 1 Hashicorp | 1 Vagrant | 2024-11-21 | 3.8 Low |
| HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. | ||||
| CVE-2023-5720 | 1 Quarkus | 1 Quarkus | 2024-11-21 | 7.7 High |
| A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application. | ||||
| CVE-2023-5552 | 1 Sophos | 1 Firewall | 2024-11-21 | 7.1 High |
| A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | ||||
| CVE-2023-5499 | 1 Reachfargps | 2 Reachfar Gps, Reachfar Gps Firmware | 2024-11-21 | 7.5 High |
| Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations. | ||||
| CVE-2023-5339 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 4.7 Medium |
| Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation, resulting in all keystrokes, including password entry, being logged. | ||||
| CVE-2023-5297 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | ||||
| CVE-2023-5183 | 1 Illumio | 1 Core Policy Compute Engine | 2024-11-21 | 9.9 Critical |
| Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user. | ||||
| CVE-2023-5182 | 1 Canonical | 1 Subiquity | 2024-11-21 | 5.5 Medium |
| Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | ||||
| CVE-2023-5016 | 1 Ssssssss | 1 Spider-flow | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability. | ||||
| CVE-2023-52338 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-11-21 | 7.8 High |
| A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-52218 | 1 Antonbond | 1 Woocommerce Tranzila Payment Gateway | 2024-11-21 | 10 Critical |
| Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. | ||||
| CVE-2023-52206 | 1 Blueastral | 1 Page Builder\ | 2024-11-21 | 7.7 High |
| Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder. This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | ||||