ReportizFlow
Filtered by vendor
Subscriptions
Total
648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34725 | 2 Jaycar, Techview | 3 La5570, La5570 Firmware, La-5570 Wireless Gateway | 2024-11-21 | 6.8 Medium |
| An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. | ||||
| CVE-2023-34189 | 1 Apache | 1 Inlong | 2024-11-21 | 6.5 Medium |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it. | ||||
| CVE-2023-34119 | 1 Zoom | 1 Rooms | 2024-11-21 | 8.2 High |
| Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-33368 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 6.5 Medium |
| Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | ||||
| CVE-2023-33293 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 5.3 Medium |
| An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. | ||||
| CVE-2023-32760 | 1 Archerirm | 1 Archer | 2024-11-21 | 7.7 High |
| An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. | ||||
| CVE-2023-32759 | 1 Archerirm | 1 Archer | 2024-11-21 | 7.5 High |
| An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | ||||
| CVE-2023-32275 | 1 Softether | 1 Vpn | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2023-31818 | 1 Marukyu | 1 Marukyu Line | 2024-11-21 | 7.5 High |
| An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
| CVE-2023-31206 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 | ||||
| CVE-2023-31103 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it. | ||||
| CVE-2023-31014 | 2 Google, Nvidia | 2 Android, Geforce Now | 2024-11-21 | 4.2 Medium |
| NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | ||||
| CVE-2023-30960 | 1 Palantir | 1 Foundry Job-tracker | 2024-11-21 | 4.3 Medium |
| A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. | ||||
| CVE-2023-30802 | 1 Sangfor | 1 Next-gen Application Firewall | 2024-11-21 | 5.3 Medium |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | ||||
| CVE-2023-2916 | 1 Revmakx | 1 Infinitewp Client | 2024-11-21 | 7.5 High |
| The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges. | ||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2024-11-21 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | ||||
| CVE-2023-2622 | 1 Hitachienergy | 1 Modular Advanced Control For Hvdc | 2024-11-21 | 2.7 Low |
| Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read. | ||||
| CVE-2023-2069 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. | ||||
| CVE-2023-2062 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2024-11-21 | 6.2 Medium |
| Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP. | ||||
| CVE-2023-2025 | 1 Johnsoncontrols | 1 Openblue Enterprise Manager Data Collector | 2024-11-21 | 5 Medium |
| OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. | ||||