Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3774 | 2024-10-14 | N/A | 5.3 MEDIUM | ||
| aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | |||||
| CVE-2023-37487 | 1 Sap | 1 Business One | 2024-09-28 | N/A | 5.3 MEDIUM |
| SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | |||||
| CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-09-21 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | |||||
| CVE-2024-39675 | 2024-07-09 | N/A | N/A | ||
| A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability. | |||||
| CVE-2023-50180 | 1 Fortinet | 1 Fortiadc | 2024-05-23 | N/A | 5.5 MEDIUM |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. | |||||
| CVE-2024-31419 | 2024-04-03 | N/A | N/A | ||
| An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator. | |||||
| CVE-2021-1544 | 1 Cisco | 1 Webex Meetings | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions. | |||||
| CVE-2021-1535 | 1 Cisco | 1 Sd-wan Vmanage | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to allow the attacker to view sensitive information on the affected system. | |||||
| CVE-2022-1902 | 1 Redhat | 1 Advanced Cluster Security | 2023-02-12 | N/A | 8.8 HIGH |
| A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | |||||
| CVE-2022-2403 | 1 Redhat | 1 Openshift | 2023-02-12 | N/A | 6.5 MEDIUM |
| A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | |||||
| CVE-2021-1235 | 1 Cisco | 1 Sd-wan Vmanage | 2021-01-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. | |||||