Total
9639 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5166 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 8 High |
| Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | ||||
| CVE-2023-5160 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled | ||||
| CVE-2023-52286 | 1 Tencent | 1 Tencent Distributed Sql | 2024-11-21 | 7.5 High |
| Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. | ||||
| CVE-2023-52185 | 1 Everestthemes | 1 Everest Backup | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9. | ||||
| CVE-2023-52148 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30. | ||||
| CVE-2023-52147 | 2024-11-21 | 3.7 Low | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security & Firewall: from n/a through 5.2.4. | ||||
| CVE-2023-51688 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. | ||||
| CVE-2023-51687 | 1 Implecode | 1 Product Catalog Simple | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6. | ||||
| CVE-2023-51527 | 1 Aipower | 1 Aipower | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2. | ||||
| CVE-2023-50950 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.7 Low |
| IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | ||||
| CVE-2023-50894 | 2024-11-21 | 8.8 High | ||
| In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information. | ||||
| CVE-2023-50720 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 5.3 Medium |
| XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-50719 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 7.5 High |
| XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-50715 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 4.3 Medium |
| Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it. | ||||
| CVE-2023-50705 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 5.3 Medium |
| An attacker could create malicious requests to obtain sensitive information about the web server. | ||||
| CVE-2023-50271 | 1 Hp | 2 Hp-ux, System Management Homepage | 2024-11-21 | 7.2 High |
| A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | ||||
| CVE-2023-50263 | 1 Networktocode | 1 Nautobot | 2024-11-21 | 3.7 Low |
| Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions. | ||||
| CVE-2023-4877 | 1 Hamza417 | 1 Inure | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | ||||
| CVE-2023-4876 | 1 Hamza417 | 1 Inure | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | ||||
| CVE-2023-4714 | 1 Playtube | 1 Playtube | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||