Total
354 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45713 | 2024-10-18 | N/A | 5.1 MEDIUM | ||
| SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | |||||
| CVE-2023-31048 | 1 Opcfoundation | 1 Ua-.netstandard | 2024-10-09 | N/A | 5.3 MEDIUM |
| The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. | |||||
| CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 5.3 MEDIUM |
| An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | |||||
| CVE-2024-6551 | 1 Givewp | 1 Givewp | 2024-10-04 | N/A | 5.3 MEDIUM |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-27315 | 2024-10-03 | N/A | 4.3 MEDIUM | ||
| An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | |||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | |||||
| CVE-2024-5250 | 1 Perforce | 1 Akana Api | 2024-10-01 | N/A | 5.3 MEDIUM |
| In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations | |||||
| CVE-2024-6544 | 1 Coffee2code | 1 Custom Post Limits | 2024-09-30 | N/A | 5.3 MEDIUM |
| The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-7415 | 1 Coffee2code | 1 Remember Me Controls | 2024-09-30 | N/A | 5.3 MEDIUM |
| The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-7426 | 1 Peepso | 1 Peepso | 2024-09-30 | N/A | 5.3 MEDIUM |
| The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2023-42475 | 1 Sap | 1 S\/4hana | 2024-09-28 | N/A | 4.3 MEDIUM |
| The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | |||||
| CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-09-27 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | |||||
| CVE-2023-47728 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | N/A | 6.5 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201. | |||||
| CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2024-09-18 | N/A | 5.5 MEDIUM |
| Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | |||||
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2024-09-17 | N/A | 5.3 MEDIUM |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | |||||
| CVE-2024-5435 | 1 Gitlab | 1 Gitlab | 2024-09-14 | N/A | 6.5 MEDIUM |
| An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration. | |||||
| CVE-2024-6984 | 1 Canonical | 1 Juju | 2024-09-11 | N/A | 3.8 LOW |
| An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. | |||||
| CVE-2024-8571 | 1 Erjemin | 1 Roll Cms | 2024-09-11 | 2.7 LOW | 5.3 MEDIUM |
| A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2024-3454 | 1 Csa-iot | 1 Matter | 2024-09-10 | N/A | 3.5 LOW |
| An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | |||||
| CVE-2024-28285 | 2024-08-29 | N/A | 9.8 CRITICAL | ||
| A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges. | |||||