CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-09-10
Waiting for details
CVE-2024-44121

Updating...
 

 
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application

 
Waiting for details
CVE-2024-7698

Updating...
 

 
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

 
2024-08-22
Waiting for details
CVE-2024-39776

Updating...
 

 
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.

 
2024-08-14
Waiting for details
CVE-2024-28799

Updating...
 

 
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173.

 
2024-08-13
Waiting for details
CVE-2024-7738

Updating...
 

 
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

 
2024-06-03
Waiting for details
CVE-2024-31493

Updating...
 

 
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

 
2024-02-08
Waiting for details
CVE-2023-6517

Updating...
 

 
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MIA-MED allows Collect Data as Provided by Users.This issue affects MIA-MED: before 1.0.7.

 
2024-01-11
Waiting for details
CVE-2024-22194

Updating...
 

 
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

 
2023-08-25
Waiting for details
CVE-2023-40570

Updating...
 

 
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.

 
2023-04-03
Waiting for details
CVE-2023-28834

Updating...
 

 
Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top