Total
324 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6916 | 1 Zowe | 1 Zowe Cli | 2024-11-21 | 5.9 Medium |
| A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. | ||||
| CVE-2024-6295 | 2024-11-21 | 3.9 Low | ||
| udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn. | ||||
| CVE-2024-5206 | 1 Scikit-learn | 1 Scikit-learn | 2024-11-21 | 4.7 Medium |
| A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer. | ||||
| CVE-2024-48939 | 1 Paxton-access | 1 Net2 | 2024-11-21 | 7.5 High |
| Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data. | ||||
| CVE-2024-40832 | 1 Apple | 1 Macos | 2024-11-21 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. | ||||
| CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 4.6 Medium |
| A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data. | ||||
| CVE-2024-38453 | 2024-11-21 | 7.5 High | ||
| The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. | ||||
| CVE-2024-35526 | 2024-11-21 | 5.9 Medium | ||
| An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory. | ||||
| CVE-2024-33004 | 1 Sap Se | 1 Sap Business Objects Business Intgelligence Platform | 2024-11-21 | 4.3 Medium |
| SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application. | ||||
| CVE-2024-32211 | 1 Lomag | 1 Warehouse Management | 2024-11-21 | 5.5 Medium |
| An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components. | ||||
| CVE-2024-31400 | 2024-11-21 | 6.5 Medium | ||
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | ||||
| CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2024-11-21 | 5.5 Medium |
| An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | ||||
| CVE-2024-28132 | 2024-11-21 | 4.4 Medium | ||
| Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-25728 | 1 Expressvpn | 1 Expressvpn | 2024-11-21 | 7.5 High |
| ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | ||||
| CVE-2024-25655 | 2024-11-21 | 6.5 Medium | ||
| Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP. | ||||
| CVE-2024-25360 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2024-11-21 | 5.3 Medium |
| A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | ||||
| CVE-2024-23445 | 2024-11-21 | 6.5 Medium | ||
| It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models that was previously a beta feature and is released as GA with 8.14.0 | ||||
| CVE-2024-22808 | 2024-11-21 | 7.5 High | ||
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | ||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-11-21 | 8.1 High |
| Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | ||||
| CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | 3.5 Low |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | ||||