Total
420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49080 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | N/A | 3.5 LOW |
| The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48393 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | N/A | 4.3 MEDIUM |
| Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message. | |||||
| CVE-2023-47703 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | |||||
| CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | |||||
| CVE-2023-46240 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 7.5 HIGH |
| CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | |||||
| CVE-2023-45701 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | N/A | 4.3 MEDIUM |
| HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2023-43021 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. | |||||
| CVE-2023-42475 | 1 Sap | 1 S\/4hana | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | |||||
| CVE-2023-42013 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. | |||||
| CVE-2023-41027 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | |||||
| CVE-2023-40767 | 1 Phpjabbers | 1 Make An Offer Widget | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40766 | 1 Phpjabbers | 1 Ticket Support Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40765 | 1 Phpjabbers | 1 Event Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40764 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40763 | 1 Phpjabbers | 1 Taxi Booking Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40762 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40761 | 1 Phpjabbers | 1 Yacht Listing Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40760 | 1 Phpjabbers | 1 Hotel Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-40758 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | N/A | 9.8 CRITICAL |
| User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||