Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40762 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40761 | 1 Phpjabbers | 1 Yacht Listing Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40760 | 1 Phpjabbers | 1 Hotel Booking System | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40758 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40757 | 1 Phpjabbers | 1 Food Delivery Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40171 | 1 Netflix | 1 Dispatch | 2024-11-21 | 9.1 Critical |
| Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-39264 | 1 Apache | 1 Superset | 2024-11-21 | 4.3 Medium |
| By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | ||||
| CVE-2023-37489 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.3 Medium |
| Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. | ||||
| CVE-2023-37260 | 2 Oauth2-server Project, Thephpleague | 2 Oauth2-server, Oauth2-server | 2024-11-21 | 8.2 High |
| league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string. | ||||
| CVE-2023-33835 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015. | ||||
| CVE-2023-33834 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014. | ||||
| CVE-2023-32755 | 1 Edetw | 1 U-office Force | 2024-11-21 | 5.3 Medium |
| e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command. | ||||
| CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.5 Medium |
| Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | ||||
| CVE-2023-31048 | 1 Opcfoundation | 1 Ua-.netstandard | 2024-11-21 | 5.3 Medium |
| The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. | ||||
| CVE-2023-27319 | 1 Netapp | 1 Ontap Mediator | 2024-11-21 | 5.3 Medium |
| ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | ||||
| CVE-2023-26272 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. | ||||
| CVE-2023-25956 | 1 Apache | 1 Apache-airflow-providers-amazon | 2024-11-21 | 7.5 High |
| Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | ||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 7.5 High |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | ||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | ||||