Total
325 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40766 | 1 Phpjabbers | 1 Ticket Support Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40765 | 1 Phpjabbers | 1 Event Booking Calendar | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40764 | 1 Phpjabbers | 1 Car Rental Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40763 | 1 Phpjabbers | 1 Taxi Booking Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40762 | 1 Phpjabbers | 1 Fundraising Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40761 | 1 Phpjabbers | 1 Yacht Listing Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40760 | 1 Phpjabbers | 1 Hotel Booking System | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40758 | 1 Phpjabbers | 1 Document Creator | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-40757 | 1 Phpjabbers | 1 Food Delivery Script | 2023-11-07 | 9.8 Critical |
| User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2023-28117 | 1 Sentry | 1 Sentry Software Development Kit | 2023-11-07 | 6.5 Medium |
| Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule. | ||||
| CVE-2023-26051 | 1 Saleor | 1 Saleor | 2023-11-07 | 4.3 Medium |
| Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. | ||||
| CVE-2023-25956 | 1 Apache | 1 Apache-airflow-providers-amazon | 2023-11-07 | 7.5 High |
| Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | ||||
| CVE-2023-25695 | 1 Apache | 1 Airflow | 2023-11-07 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. | ||||
| CVE-2023-25687 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-11-07 | 4.3 Medium |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. | ||||
| CVE-2023-0833 | 2 Redhat, Squareup | 2 A-mq Streams, Okhttp | 2023-11-07 | 5.5 Medium |
| A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. | ||||
| CVE-2022-4770 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2023-11-07 | 4.3 Medium |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). | ||||
| CVE-2022-4769 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2023-11-07 | 4.3 Medium |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. | ||||
| CVE-2022-46675 | 1 Dell | 1 Wyse Management Suite | 2023-11-07 | 5.3 Medium |
| Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | ||||
| CVE-2022-39304 | 1 Ghinstallation Project | 1 Ghinstallation | 2023-11-07 | 4.7 Medium |
| ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0. | ||||