Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1425 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-50378 | 2024-11-08 | N/A | 4.9 MEDIUM | ||
| Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table. | |||||
| CVE-2024-49235 | 2024-10-18 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. | |||||
| CVE-2024-47128 | 1 Gotenna | 1 Gotenna Pro | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. | |||||
| CVE-2024-43814 | 1 Gotenna | 1 Gotenna | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. It is advised to verify PLI settings are the desired rate and activate encryption prior to mission. Update to the latest Plugin to disable this default setting. | |||||
| CVE-2024-41931 | 1 Gotenna | 1 Gotenna | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. | |||||
| CVE-2024-6747 | 1 Checkmk | 1 Checkmk | 2024-10-15 | N/A | 7.5 HIGH |
| Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | |||||
| CVE-2023-49261 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2024-10-10 | N/A | 7.5 HIGH |
| The "tokenKey" value used in user authorization is visible in the HTML source of the login page. | |||||
| CVE-2023-1825 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. | |||||
| CVE-2023-1401 | 2024-10-08 | N/A | 4.3 MEDIUM | ||
| An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | |||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | |||||
| CVE-2023-4378 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. | |||||
| CVE-2023-4002 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies. | |||||
| CVE-2023-3949 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members. | |||||
| CVE-2023-3413 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | |||||
| CVE-2023-3399 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 7.7 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates. | |||||
| CVE-2023-3102 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 5.3 MEDIUM |
| A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR. | |||||
| CVE-2023-2620 | 1 Gitlab | 1 Gitlab | 2024-10-03 | N/A | 3.8 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838. | |||||
| CVE-2024-25148 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-10-02 | N/A | 8.1 HIGH |
| In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | |||||
| CVE-2024-8890 | 1 Circutor | 2 Q-smt, Q-smt Firmware | 2024-10-01 | N/A | 8.8 HIGH |
| An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established. | |||||