| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php. |
| ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known. |
| Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. |
| AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker. |
| A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
|
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.
|
| An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration with direct Internet exposure. |
| Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011. |
| The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. |
| Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10. |
| The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1. |
|
IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.
|
| Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. |
| Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. |
| VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. |
