Total
7313 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43258 | 1 Storelocatorplus | 1 Store Locator Plus | 2024-09-12 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01. | |||||
CVE-2024-43257 | 1 Nouthemes | 1 Leopard | 2024-09-12 | N/A | 6.5 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. | |||||
CVE-2024-28834 | 2024-09-12 | N/A | 5.3 MEDIUM | ||
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. | |||||
CVE-2024-45391 | 1 Tina | 1 Tina | 2024-09-12 | N/A | 7.5 HIGH |
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. | |||||
CVE-2024-45450 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | N/A | 7.5 HIGH |
Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-46315 | 1 Zanllp | 1 Stable Diffusion Webui Infinite Image Browsing | 2024-09-12 | N/A | 7.5 HIGH |
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials. | |||||
CVE-2024-3305 | 2024-09-12 | N/A | N/A | ||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | |||||
CVE-2024-45054 | 1 Hwameistor | 1 Hwameistor | 2024-09-12 | N/A | 6.7 MEDIUM |
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role. | |||||
CVE-2024-8461 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2024-09-12 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2024-43264 | 1 Mediavine | 1 Create | 2024-09-12 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8. | |||||
CVE-2023-39739 | 1 Linecorp | 1 Regina Sweets\&bakery | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2023-39737 | 1 Linecorp | 1 Matsuya | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2023-39736 | 1 Linecorp | 1 Fukunaga Memberscard | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2023-39735 | 1 Linecorp | 1 Uomasa Saiji New | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2024-45624 | 2024-09-12 | N/A | 7.5 HIGH | ||
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved. | |||||
CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-09-12 | N/A | 7.5 HIGH |
An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-09-12 | N/A | 7.5 HIGH |
An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-09-12 | N/A | 7.5 HIGH |
An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
CVE-2024-41733 | 1 Sap | 1 Commerce | 2024-09-12 | N/A | 5.3 MEDIUM |
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability | |||||
CVE-2024-41736 | 1 Sap | 1 Permit To Work | 2024-09-12 | N/A | 4.3 MEDIUM |
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. |