Total
9643 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45223 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | ||||
| CVE-2023-45219 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2024-11-21 | 4.4 Medium |
| Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-45189 | 1 Ibm | 1 Robotic Process Automation For Cloud Pak | 2024-11-21 | 6.5 Medium |
| A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. | ||||
| CVE-2023-45147 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.9 Medium |
| Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields. | ||||
| CVE-2023-45131 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.5 High |
| Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45066 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2024-11-21 | 5.9 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | ||||
| CVE-2023-45024 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 7.5 High |
| Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | ||||
| CVE-2023-44991 | 1 Meowapps | 1 Media File Renamer - Auto \& Manual Rename | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. | ||||
| CVE-2023-44983 | 1 Aruba | 1 Aruba Hispeed Cache | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. | ||||
| CVE-2023-44982 | 1 Meowapps | 1 Perfect Images | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. | ||||
| CVE-2023-44391 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.3 Medium |
| Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-44187 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 5.9 Medium |
| An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R2-EVO. | ||||
| CVE-2023-44150 | 1 Properfraction | 1 Profilepress | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. | ||||
| CVE-2023-44115 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-44112 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-44098 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-44097 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-44093 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-43998 | 1 Linecorp | 1 Line | 2024-11-21 | 5.4 Medium |
| An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43993 | 1 Linecorp | 1 Line | 2024-11-21 | 5.4 Medium |
| An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||