Total
683 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28015 | 1 Hcl | 1 Domino Appdev Pack | 2025-01-17 | N/A | 5.3 MEDIUM |
| The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | |||||
| CVE-2023-26215 | 1 Tibco | 1 Ebx Add-ons | 2025-01-16 | N/A | 7.7 HIGH |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2025-01-14 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2023-24598 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
| OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. | |||||
| CVE-2023-33741 | 2 Google, Macro-video | 2 Android, V380 Pro | 2025-01-13 | N/A | 7.5 HIGH |
| Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. | |||||
| CVE-2022-24695 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-01-10 | N/A | 4.3 MEDIUM |
| Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device. | |||||
| CVE-2023-25728 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-10 | N/A | 6.5 MEDIUM |
| The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
| CVE-2023-25741 | 1 Mozilla | 1 Firefox | 2025-01-09 | N/A | 6.5 MEDIUM |
| When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110. | |||||
| CVE-2023-33518 | 1 Emoncms | 1 Emoncms | 2025-01-08 | N/A | 5.3 MEDIUM |
| emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | |||||
| CVE-2024-41952 | 1 Zitadel | 1 Zitadel | 2025-01-08 | N/A | 5.3 MEDIUM |
| Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". Due to a implementation change to prevent deadlocks calling the database, the flag would not be correctly respected in all cases and an attacker would gain information if an account exist within ZITADEL, since the error message shows "object not found" instead of the generic error message. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8, and 2.53.9. | |||||
| CVE-2024-26221 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2023-38362 | 1 Ibm | 1 Cics Tx | 2025-01-07 | N/A | 5.3 MEDIUM |
| IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814. | |||||
| CVE-2023-27283 | 1 Ibm | 1 Aspera Orchestrator | 2025-01-07 | N/A | 5.3 MEDIUM |
| IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. | |||||
| CVE-2021-20556 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.3 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181. | |||||
| CVE-2022-48730 | 1 Linux | 1 Linux Kernel | 2025-01-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. [sumits: added fixes and cc: stable tags] | |||||
| CVE-2023-1707 | 1 Hp | 317 Color Laserjet Enterprise 5700 49k98a, Color Laserjet Enterprise 5700 6qn28a, Color Laserjet Enterprise 6700 49l00a and 314 more | 2025-01-03 | N/A | 7.5 HIGH |
| Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. | |||||
| CVE-2023-34878 | 1 Ujcms | 1 Ujcms | 2025-01-02 | N/A | 7.5 HIGH |
| An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. | |||||
| CVE-2024-54454 | 2024-12-31 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames. | |||||
| CVE-2024-54476 | 1 Apple | 1 Macos | 2024-12-19 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. | |||||
| CVE-2024-12663 | 2024-12-16 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||