Export limit exceeded: 25150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10358 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10358 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31346 | 2 Amd, Redhat | 128 Epyc 7203 Firmware, Epyc 7203p, Epyc 7203p Firmware and 125 more | 2025-03-20 | 6 Medium |
| Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | ||||
| CVE-2023-0020 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-03-20 | 8.5 High |
| SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application. | ||||
| CVE-2024-38970 | 1 Vaethink | 1 Vaethink | 2025-03-20 | 4.9 Medium |
| vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. | ||||
| CVE-2024-27362 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-20 | 4.4 Medium |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure. | ||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | 6.5 Medium |
| Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | ||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2025-03-19 | 5.3 Medium |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. | ||||
| CVE-2020-12413 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-19 | 5.9 Medium |
| The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. | ||||
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | 5.5 Medium |
| In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-39817 | 1 Cybozu | 1 Office | 2025-03-18 | 6.5 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App. | ||||
| CVE-2018-13873 | 1 Hdfgroup | 1 Hdf5 | 2025-03-18 | 9.8 Critical |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. | ||||
| CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2025-03-18 | 7.5 High |
| Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. | ||||
| CVE-2024-26312 | 1 Archerirm | 1 Archer | 2025-03-18 | 4.3 Medium |
| Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | ||||
| CVE-2022-32933 | 2 Apple, Redhat | 3 Macos, Enterprise Linux, Rhel Els | 2025-03-18 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||
| CVE-2024-31816 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 7.5 High |
| In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. | ||||
| CVE-2022-43927 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-03-18 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. | ||||
| CVE-2022-27891 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | ||||
| CVE-2023-42948 | 1 Apple | 1 Macos | 2025-03-17 | 3.3 Low |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery. | ||||
| CVE-2024-47197 | 1 Apache | 1 Maven Archetype | 2025-03-17 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot) their credentials would be published without them knowing. | ||||
| CVE-2024-21685 | 1 Atlassian | 3 Jira Core, Jira Data Center, Jira Server | 2025-03-17 | 6.5 Medium |
| This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally. | ||||
| CVE-2023-48957 | 1 Purevpn | 1 Purevpn | 2025-03-14 | 5.3 Medium |
| PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. | ||||