Total
9781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39951 | 2 Linuxfoundation, Opentelemetry | 2 Opentelemetry Instrumentation For Java, Opentelemetry-java-instrumentation | 2024-11-21 | 6.5 Medium |
| OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later. | ||||
| CVE-2023-39739 | 1 Linecorp | 1 Regina Sweets\&bakery | 2024-11-21 | 8.2 High |
| The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39737 | 1 Linecorp | 1 Matsuya | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39736 | 1 Linecorp | 1 Fukunaga Memberscard | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39735 | 1 Linecorp | 1 Uomasa Saiji New | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39677 | 2 Simpleimportproduct Project, Updateproducts Project | 2 Simpleimportproduct, Updateproducts | 2024-11-21 | 7.5 High |
| MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. | ||||
| CVE-2023-39620 | 2 Buffalo, Buffalo America Inc | 3 Terastation Nas 5410r, Terastation Nas 5410r Firmware, Terastation Nas Ts5410r | 2024-11-21 | 7.5 High |
| An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | ||||
| CVE-2023-39519 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-11-21 | 7.5 High |
| Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0. | ||||
| CVE-2023-39393 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. | ||||
| CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | ||||
| CVE-2023-39337 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | 9.1 Critical |
| A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity. | ||||
| CVE-2023-39289 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 7.5 High |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. | ||||
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-11-21 | 6.5 Medium |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||