Total
9643 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-11-21 | 6.5 Medium |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39045 | 1 Kokoroe Members Card Project | 1 Kokoroe Members Card | 2024-11-21 | 6.5 Medium |
| An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-11-21 | 5.3 Medium |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | ||||
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38718 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 3.7 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | ||||
| CVE-2023-38700 | 1 Matrix | 1 Matrix Irc Bridge | 2024-11-21 | 3.5 Low |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. | ||||
| CVE-2023-38685 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.3 Medium |
| Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. | ||||
| CVE-2023-38503 | 1 Monospace | 1 Directus | 2024-11-21 | 5.7 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event on their subscription which they should not be receiving according to the permissions. This can be any collection but out-of-the box the `directus_users` collection is configured with such a permissions filter allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions. | ||||
| CVE-2023-38499 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.7 Low |
| TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. | ||||
| CVE-2023-38494 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 5.9 Medium |
| MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue. | ||||