Filtered by vendor
Subscriptions
Total
393 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40766 | 1 Phpjabbers | 1 Ticket Support Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40765 | 1 Phpjabbers | 1 Event Booking Calendar | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40764 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40763 | 1 Phpjabbers | 1 Taxi Booking Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40762 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40761 | 1 Phpjabbers | 1 Yacht Listing Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40760 | 1 Phpjabbers | 1 Hotel Booking System | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40758 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40757 | 1 Phpjabbers | 1 Food Delivery Script | 2024-11-21 | 9.8 Critical |
User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
CVE-2023-40725 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | 4 Medium |
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames. | ||||
CVE-2023-40171 | 1 Netflix | 1 Dispatch | 2024-11-21 | 9.1 Critical |
Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | ||||
CVE-2023-39264 | 1 Apache | 1 Superset | 2024-11-21 | 4.3 Medium |
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | ||||
CVE-2023-37489 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.3 Medium |
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. | ||||
CVE-2023-37260 | 2 Oauth2-server Project, Thephpleague | 2 Oauth2-server, Oauth2-server | 2024-11-21 | 8.2 High |
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string. | ||||
CVE-2023-35124 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 3.1 Low |
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
CVE-2023-35009 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.3 Medium |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. | ||||
CVE-2023-34339 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 3.3 Low |
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | ||||
CVE-2023-33835 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.3 Medium |
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015. |