Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46240 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 7.5 High |
| CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | ||||
| CVE-2023-45701 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 4.3 Medium |
| HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2023-42475 | 1 Sap | 1 S\/4hana | 2024-11-21 | 4.3 Medium |
| The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | ||||
| CVE-2023-42013 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.3 Medium |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. | ||||
| CVE-2023-41027 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 8 High |
| Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | ||||
| CVE-2023-40767 | 1 Phpjabbers | 1 Make An Offer Widget | 2024-11-21 | 9.8 Critical |
| User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40766 | 1 Phpjabbers | 1 Ticket Support Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40765 | 1 Phpjabbers | 1 Event Booking Calendar | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40764 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40763 | 1 Phpjabbers | 1 Taxi Booking Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40762 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40761 | 1 Phpjabbers | 1 Yacht Listing Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40760 | 1 Phpjabbers | 1 Hotel Booking System | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40758 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40757 | 1 Phpjabbers | 1 Food Delivery Script | 2024-11-21 | 9.8 Critical |
| User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40171 | 1 Netflix | 1 Dispatch | 2024-11-21 | 9.1 Critical |
| Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | ||||
| CVE-2023-39264 | 1 Apache | 1 Superset | 2024-11-21 | 4.3 Medium |
| By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | ||||
| CVE-2023-37489 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.3 Medium |
| Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. | ||||