Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4237 | 1 Redhat | 2 Ansible Automation Platform, Ansible Collection | 2024-11-21 | N/A | 7.3 HIGH |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | |||||
| CVE-2023-42010 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 3.1 LOW |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507. | |||||
| CVE-2023-41366 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 5.3 MEDIUM |
| Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application. | |||||
| CVE-2023-37487 | 1 Sap | 1 Business One | 2024-11-21 | N/A | 5.3 MEDIUM |
| SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | |||||
| CVE-2023-34209 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | N/A | 5.0 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter. | |||||
| CVE-2023-32550 | 1 Canonical | 1 Landscape | 2024-11-21 | N/A | 9.3 CRITICAL |
| Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | |||||
| CVE-2023-2541 | 1 Knime | 1 Business Hub | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. | |||||
| CVE-2023-20111 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks. | |||||
| CVE-2023-0342 | 1 Mongodb | 1 Ops Manager Server | 2024-11-21 | N/A | 3.1 LOW |
| MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | |||||
| CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A | 4.1 MEDIUM |
| A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | |||||
| CVE-2022-4968 | 1 Canonical | 1 Netplan | 2024-11-21 | N/A | 6.5 MEDIUM |
| netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | |||||
| CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | |||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | N/A | 6.6 MEDIUM |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | |||||
| CVE-2022-2403 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A | 6.5 MEDIUM |
| A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | |||||
| CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
| In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | |||||
| CVE-2022-20734 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | |||||
| CVE-2022-20664 | 1 Cisco | 2 Email Security Appliance, Secure Email And Web Manager | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
| A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials. | |||||
| CVE-2022-1902 | 1 Redhat | 1 Advanced Cluster Security | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | |||||
| CVE-2021-23135 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
| Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14. | |||||
| CVE-2021-1544 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions. | |||||