Total
323 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31400 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | |||||
| CVE-2024-28132 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-25728 | 1 Expressvpn | 1 Expressvpn | 2024-11-21 | N/A | 7.5 HIGH |
| ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | |||||
| CVE-2024-25655 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP. | |||||
| CVE-2024-25360 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | |||||
| CVE-2024-23445 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models that was previously a beta feature and is released as GA with 8.14.0 | |||||
| CVE-2024-22808 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | |||||
| CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | N/A | 3.5 LOW |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | |||||
| CVE-2023-49515 | 1 Tp-link | 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | |||||
| CVE-2023-45184 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. | |||||
| CVE-2023-45182 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | N/A | 7.4 HIGH |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. | |||||
| CVE-2023-43634 | 1 Lfedge | 1 Eve | 2024-11-21 | N/A | 8.8 HIGH |
| When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault” | |||||
| CVE-2023-43633 | 1 Lfedge | 1 Eve | 2024-11-21 | N/A | 8.8 HIGH |
| On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “authorized_keys” via the “debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb” key, allowing VNC access via the “app.allow.vnc” key, and more. An attacker could easily enable these debug functionalities without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | |||||
| CVE-2023-43631 | 1 Linuxfoundation | 1 Edge Virtualization Engine | 2024-11-21 | N/A | 8.8 HIGH |
| On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | |||||
| CVE-2023-43630 | 1 Linuxfoundation | 1 Edge Virtualization Engine | 2024-11-21 | N/A | 8.8 HIGH |
| PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This issue was somewhat mitigated due to all of the PCR extend functions updating both the values of SHA256 and SHA1 for a given PCR ID. However, due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault” | |||||
| CVE-2023-42913 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 8.8 HIGH |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | |||||
| CVE-2023-41723 | 1 Veeam | 1 One | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | |||||
| CVE-2023-40728 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | |||||
| CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2024-11-21 | N/A | 7.5 HIGH |
| Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | |||||
| CVE-2023-37879 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP Server: <= 7.2.0. | |||||