Total
7313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8460 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2024-09-06 | 2.6 LOW | 5.9 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-45024 | 1 Bestpractical | 1 Request Tracker | 2024-09-06 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | |||||
| CVE-2024-45447 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 5.5 MEDIUM |
| Access control vulnerability in the camera framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-7415 | 2024-09-06 | N/A | 5.3 MEDIUM | ||
| The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2023-40159 | 1 Philips | 1 Vue Pacs | 2024-09-05 | N/A | 6.5 MEDIUM |
| A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information. | |||||
| CVE-2024-6421 | 1 Pepperl-fuchs | 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more | 2024-09-05 | N/A | 7.5 HIGH |
| An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. | |||||
| CVE-2024-7091 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 5.0 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. | |||||
| CVE-2024-7060 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. | |||||
| CVE-2024-5067 | 1 Gitlab | 1 Gitlab | 2024-09-05 | N/A | 4.9 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. | |||||
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2024-09-05 | N/A | 7.5 HIGH |
| An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2024-41108 | 1 Fogproject | 1 Fogproject | 2024-09-05 | N/A | 5.9 MEDIUM |
| FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41. | |||||
| CVE-2023-41260 | 1 Bestpractical | 1 Request Tracker | 2024-09-05 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | |||||
| CVE-2023-41259 | 1 Bestpractical | 1 Request Tracker | 2024-09-05 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | |||||