Filtered by vendor
Subscriptions
Total
8850 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43804 | 4 Debian, Fedoraproject, Python and 1 more | 12 Debian Linux, Fedora, Urllib3 and 9 more | 2024-12-13 | 5.9 Medium |
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | ||||
CVE-2022-33159 | 1 Ibm | 1 Security Directory Suite Va | 2024-12-13 | 5.3 Medium |
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. | ||||
CVE-2023-25683 | 1 Ibm | 1 Powervm Hypervisor | 2024-12-13 | 5.9 Medium |
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. | ||||
CVE-2024-54117 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 6.2 Medium |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-54103 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 6.1 Medium |
Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-21793 | 1 F5 | 1 Big-ip Next Central Manager | 2024-12-12 | 7.5 High |
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-26026 | 1 F5 | 1 Big-ip Next Central Manager | 2024-12-12 | 7.5 High |
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
CVE-2024-54119 | 2024-12-12 | 6.2 Medium | ||
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-12564 | 2024-12-12 | N/A | ||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | ||||
CVE-2024-12255 | 2024-12-12 | 5.3 Medium | ||
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack. | ||||
CVE-2024-40862 | 1 Apple | 1 Xcode | 2024-12-12 | 7.5 High |
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer. | ||||
CVE-2024-12329 | 2024-12-12 | 4.3 Medium | ||
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs | ||||
CVE-2024-23228 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-12 | 3.3 Low |
This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. | ||||
CVE-2023-27954 | 3 Apple, Debian, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2024-12-12 | 6.5 Medium |
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. | ||||
CVE-2023-34242 | 1 Cilium | 1 Cilium | 2024-12-12 | 3.4 Low |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC. | ||||
CVE-2024-11961 | 2 Guangzhou Huayi Intelligent Technology, Huayi-tec | 2 Jeewms, Jeewms | 2024-12-11 | 5.3 Medium |
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-23662 | 1 Fortinet | 1 Fortios | 2024-12-11 | 5 Medium |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests. | ||||
CVE-2024-11008 | 2024-12-11 | 5.3 Medium | ||
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
CVE-2024-11351 | 2024-12-11 | 5.3 Medium | ||
The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
CVE-2024-53245 | 2024-12-11 | 3.1 Low | ||
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. |