Total: 9779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34093 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.8 Medium |
| Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker (having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue. | ||||
| CVE-2023-34090 | 1 Decidim | 1 Decidim | 2024-11-21 | 7.5 High |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3. | ||||
| CVE-2023-33857 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | ||||
| CVE-2023-33851 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | 5.3 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | ||||
| CVE-2023-33558 | 1 Ocomon Project | 1 Ocomon | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. | ||||
| CVE-2023-32495 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 7.8 High |
| Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive information to an unauthorized actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2023-32476 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 6.4 Medium |
| Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard-coded secrets in JavaScript files. | ||||
| CVE-2023-31416 | 1 Elastic | 2 Apm Server, Elastic Cloud On Kubernetes | 2024-11-21 | 5.3 Medium |
| Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. | ||||
| CVE-2023-30993 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 6.8 Medium |
| IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136. | ||||
| CVE-2023-30804 | 1 Sangfor | 1 Next-gen Application Firewall | 2024-11-21 | 4.9 Medium |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | ||||
| CVE-2023-2487 | 1 Smackcoders | 1 Export All Posts, Products, Orders, Refunds & Users | 2024-11-21 | 5.9 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | ||||
| CVE-2023-29500 | 1 Intel | 22 Nuc 11 Performance Kit Nuc11pahi3, Nuc 11 Performance Kit Nuc11pahi30z, Nuc 11 Performance Kit Nuc11pahi30z Firmware and 19 more | 2024-11-21 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-28723 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-28421 | 1 Winwar | 1 Wp Email Capture | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture. This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10. | ||||
| CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | ||||
| CVE-2023-28334 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| Authenticated users were able to enumerate other users' names via the learning plans page. | ||||
| CVE-2023-28322 | 5 Apple, Fedoraproject, Haxx and 2 more | 17 Macos, Fedora, Curl and 14 more | 2024-11-21 | 3.7 Low |
| An information disclosure vulnerability exists in curl <v8.1.0: when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | ||||
| CVE-2023-28077 | 1 Dell | 1 Bsafe Ssl-j | 2024-11-21 | 4.4 Medium |
| Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | ||||
| CVE-2023-28010 | 1 Hcltech | 1 Domino | 2024-11-21 | 4 Medium |
| In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | ||||
| CVE-2023-27877 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 5.3 Medium |
| IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy on the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | ||||