| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. |
| In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized
This issue was fixed in version 4.71.0 |
| The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4. |
| An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users. |
| An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. |
| A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context. |
| Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. |
| In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text
patient data to a hard-coded public IP address when a patient is hooked
up to the monitor. This could lead to a leakage of confidential patient
data to any device with that IP address or an attacker in a
machine-in-the-middle scenario. |
| An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number) |
| Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue. |
| In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen. |
| Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services. |
| Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information. |
| Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view.
This issue affects Command Centre Server: 9.30.1874 (MR1), 9.20.2337 (MR3), 9.10.3194 (MR6). |
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. |
| An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. |
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. |
| A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches. |
| Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |