Total: 492 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40251 | 1 Genians | 2 Genian Nac, Genian Ztna | 2024-11-21 | 5.2 Medium |
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | ||||
CVE-2023-39954 | 1 Nextcloud | 1 User Oidc | 2024-11-21 | 3.8 Low |
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available. | ||||
CVE-2023-39843 | 1 Sulimet | 2 5-in-1 Smart Door Lock, 5-in-1 Smart Door Lock Firmware | 2024-11-21 | 2.4 Low |
Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | ||||
CVE-2023-39842 | 1 Mydigoo | 2 Dg-hamb Smart Home Security System, Dg-hamb Smart Home Security System Firmware | 2024-11-21 | 2.4 Low |
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | ||||
CVE-2023-39841 | 1 Etekcity | 2 3-in-1 Smart Door Lock, 3-in-1 Smart Door Lock Firmware | 2024-11-21 | 4.6 Medium |
Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | ||||
CVE-2023-38699 | 1 Mindsdb | 1 Mindsdb | 2024-11-21 | 9.1 Critical |
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | ||||
CVE-2023-38688 | 1 Xithrius | 1 Twitch-tui | 2024-11-21 | 7.5 High |
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. | ||||
CVE-2023-38267 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | 6.2 Medium |
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. | ||||
CVE-2023-37943 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 5.9 Medium |
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active Directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials. | ||||
CVE-2023-37858 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 4.9 Medium |
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing them to decrypt an encrypted web application login password. | ||||
CVE-2023-37192 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 7.5 High |
Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing. | ||||
CVE-2023-33837 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 4.1 Medium |
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | ||||
CVE-2023-33833 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 2.9 Low |
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in clear text, which can be read by a local user. IBM X-Force ID: 256013. | ||||
CVE-2023-33228 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 4.5 Medium |
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. | ||||
CVE-2023-31825 | 1 Inageya | 1 Inageya | 2024-11-21 | 7.5 High |
An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function. | ||||
CVE-2023-31822 | 1 Entetsu | 1 Entetsu Store | 2024-11-21 | 7.5 High |
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function. | ||||
CVE-2023-31820 | 1 Shizutetsu | 1 Shizutetsu Store | 2024-11-21 | 7.5 High |
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
CVE-2023-31819 | 1 Livre | 1 Keisei Store | 2024-11-21 | 7.5 High |
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
CVE-2023-30561 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | 6.1 Medium |
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running. | ||||
CVE-2023-23371 | 1 Qnap | 1 Qvpn | 2024-11-21 | 5.2 Medium |
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later |