Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26192 | 1 Microsoft | 1 Edge Chromium | 2024-11-29 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 5.9 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-37533 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 2.4 LOW |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | |||||
| CVE-2024-36682 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information. | |||||
| CVE-2024-36677 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen. | |||||
| CVE-2024-33271 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. | |||||
| CVE-2024-30321 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. | |||||
| CVE-2024-28387 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | |||||
| CVE-2023-5983 | 1 Botanikyazilim | 1 Pharmacy Automation | 2024-11-21 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0. | |||||
| CVE-2023-50053 | 2024-11-21 | N/A | 7.6 HIGH | ||
| An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number) | |||||
| CVE-2023-44213 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391. | |||||
| CVE-2023-44156 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Cli | 2024-11-21 | N/A | 8.6 HIGH |
| Azure CLI REST Command Information Disclosure Vulnerability | |||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Code Jupyter Extension Spoofing Vulnerability | |||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2024-11-21 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | |||||
| CVE-2023-2239 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.5 MEDIUM |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | |||||
| CVE-2023-28303 | 1 Microsoft | 2 Snip \& Sketch, Snipping Tool | 2024-11-21 | N/A | 3.3 LOW |
| Windows Snipping Tool Information Disclosure Vulnerability | |||||
| CVE-2023-25632 | 1 Naver | 1 Whale Browser | 2024-11-21 | N/A | 5.5 MEDIUM |
| The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | |||||
| CVE-2023-1936 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.5 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue. | |||||
| CVE-2022-46168 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 3.5 LOW |
| Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled. | |||||