Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29986 | 2024-04-19 | N/A | 5.4 MEDIUM | ||
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-29888 | 2024-03-28 | N/A | 4.2 MEDIUM | ||
| Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | |||||
| CVE-2022-20942 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-01-25 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. | |||||
| CVE-2023-50719 | 1 Xwiki | 1 Xwiki | 2023-12-19 | N/A | 7.5 HIGH |
| XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2023-12-10 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | |||||
| CVE-2023-2239 | 1 Microweber | 1 Microweber | 2023-12-10 | N/A | 6.5 MEDIUM |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | |||||
| CVE-2022-41936 | 1 Xwiki | 1 Xwiki | 2023-12-10 | N/A | 7.5 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. | |||||
| CVE-2022-46168 | 1 Discourse | 1 Discourse | 2023-12-10 | N/A | 3.5 LOW |
| Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled. | |||||
| CVE-2022-2921 | 1 Notrinos | 1 Notrinoserp | 2023-12-10 | N/A | 8.8 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions. | |||||
| CVE-2022-0852 | 2 Convert2rhel Project, Redhat | 2 Convert2rhel, Enterprise Linux | 2023-12-10 | N/A | 5.5 MEDIUM |
| There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. | |||||
| CVE-2022-24819 | 1 Xwiki | 1 Xwiki | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | |||||
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | |||||
| CVE-2022-0155 | 2 Follow-redirects Project, Siemens | 2 Follow-redirects, Sinec Ins | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | |||||
| CVE-2021-3980 | 1 Elgg | 1 Elgg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | |||||
| CVE-2021-28559 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global variables and objects. | |||||