Total
41 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8891 | 1 Circutor | 2 Q-smt, Q-smt Firmware | 2024-09-26 | N/A | 5.3 MEDIUM |
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4. | |||||
CVE-2024-47085 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | N/A | 6.5 MEDIUM |
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. | |||||
CVE-2024-47087 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | N/A | 6.5 MEDIUM |
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. | |||||
CVE-2023-5983 | 1 Botanikyazilim | 1 Pharmacy Automation | 2024-09-26 | N/A | 7.5 HIGH |
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0. | |||||
CVE-2024-45591 | 1 Xwiki | 1 Xwiki | 2024-09-20 | N/A | 5.3 MEDIUM |
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. | |||||
CVE-2024-46979 | 2024-09-20 | N/A | 5.3 MEDIUM | ||
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to workaround the vulnerability by applying manually the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582. | |||||
CVE-2024-6053 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2024-09-19 | N/A | 4.3 MEDIUM |
Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. | |||||
CVE-2024-45787 | 1 Reedos | 1 Aim-star | 2024-09-18 | N/A | 6.5 MEDIUM |
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users. | |||||
CVE-2023-48680 | 2024-09-10 | N/A | 3.3 LOW | ||
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | |||||
CVE-2023-44213 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-09-10 | N/A | 5.5 MEDIUM |
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391. | |||||
CVE-2023-44156 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-10 | N/A | 7.5 HIGH |
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
CVE-2024-44113 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | |||||
CVE-2024-41729 | 2024-09-10 | N/A | 4.3 MEDIUM | ||
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | |||||
CVE-2024-30321 | 2024-09-10 | N/A | 5.9 MEDIUM | ||
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. | |||||
CVE-2023-25632 | 1 Naver | 1 Whale Browser | 2024-09-06 | N/A | 5.5 MEDIUM |
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | |||||
CVE-2024-37136 | 1 Dell | 1 Path To Powerprotect | 2024-09-05 | N/A | 4.9 MEDIUM |
Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure. | |||||
CVE-2024-42347 | 1 Matrix | 1 Matrix-react-sdk | 2024-08-12 | N/A | 6.5 MEDIUM |
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-28387 | 2024-08-01 | N/A | 7.5 HIGH | ||
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | |||||
CVE-2024-36682 | 2024-08-01 | N/A | 7.5 HIGH | ||
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information. | |||||
CVE-2023-50053 | 2024-08-01 | N/A | 7.6 HIGH | ||
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number) |