Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22124 | 1 Sap | 1 Netweaver | 2024-11-21 | 4.1 Medium |
| Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality. | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2024-11-21 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | ||||
| CVE-2023-50180 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 5.2 Medium |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. | ||||
| CVE-2023-4605 | 2024-11-21 | 6.5 Medium | ||
| A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. | ||||
| CVE-2023-42010 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.1 Low |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507. | ||||
| CVE-2023-41366 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.3 Medium |
| Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application. | ||||
| CVE-2023-37487 | 1 Sap | 1 Business One | 2024-11-21 | 5.3 Medium |
| SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | ||||
| CVE-2023-34209 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | 5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter. | ||||
| CVE-2023-2541 | 1 Knime | 1 Business Hub | 2024-11-21 | 5.3 Medium |
| The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. | ||||
| CVE-2023-20111 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks. | ||||
| CVE-2022-4968 | 1 Canonical | 1 Netplan | 2024-11-21 | 6.5 Medium |
| netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | ||||
| CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | 5.3 Medium |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | ||||
| CVE-2022-32296 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | ||||
| CVE-2022-2403 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.5 Medium |
| A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | ||||
| CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 8.4 High |
| In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | ||||
| CVE-2022-23711 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.3 Medium |
| A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source. | ||||
| CVE-2022-23648 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Containerd | 2024-11-21 | 7.5 High |
| containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. | ||||
| CVE-2022-20734 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | 4.4 Medium |
| A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | ||||
| CVE-2022-20664 | 1 Cisco | 2 Email Security Appliance, Secure Email And Web Manager | 2024-11-21 | 7.7 High |
| A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials. | ||||