Total
308 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | N/A | 7.4 HIGH |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | |||||
| CVE-2023-42913 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 8.8 HIGH |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | |||||
| CVE-2023-41723 | 1 Veeam | 1 One | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | |||||
| CVE-2023-40728 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | |||||
| CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2024-11-21 | N/A | 7.5 HIGH |
| Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | |||||
| CVE-2023-37879 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP Server: <= 7.2.0. | |||||
| CVE-2023-37563 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. | |||||
| CVE-2023-37521 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2024-11-21 | N/A | 2.3 LOW |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack. | |||||
| CVE-2023-37439 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-11-21 | N/A | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | |||||
| CVE-2023-32184 | 1 Opensuse | 1 Welcome | 2024-11-21 | N/A | 7.8 HIGH |
| A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. | |||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-11-21 | N/A | 8.0 HIGH |
| A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2023-2665 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | N/A | 7.5 HIGH |
| Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | |||||
| CVE-2023-29261 | 1 Ibm | 1 Sterling External Authentication Server | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. | |||||
| CVE-2023-28864 | 1 Progress | 1 Chef Infra Server | 2024-11-21 | N/A | 5.5 MEDIUM |
| Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command. | |||||
| CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-11-21 | N/A | 3.3 LOW |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | |||||
| CVE-2023-23348 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | N/A | 5.1 MEDIUM |
| HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. | |||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2024-11-21 | N/A | 3.7 LOW |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | |||||
| CVE-2023-22469 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | 5.8 MEDIUM |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | |||||