In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
Max CVSS: 4.0 | EPSS Score: 0.04% | Published: 2022-12-08 | Updated: 2022-12-12
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2022-12-13 | Updated: 2023-06-23
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Max CVSS: 8.8 | EPSS Score: 2.44% | Published: 2022-12-14 | Updated: 2023-12-13
PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.
Max CVSS: 5.3 | EPSS Score: 0.05% | Published: 2022-12-08 | Updated: 2023-07-07
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-11-29 | Updated: 2022-12-01
** UNSUPPORTED WHEN ASSIGNED ** Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2022-11-21 | Updated: 2023-03-13
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
Max CVSS: 5.3 | EPSS Score: 0.06% | Published: 2022-11-18 | Updated: 2022-11-28
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611. Important note - This vulnerability is related to the Object First Ootbi BETA version, which is not released for production and therefore has no impact on the production environment. The production-ready Object First Ootbi version will have this vulnerability fixed.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-11-07 | Updated: 2023-03-17
Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-12-21 | Updated: 2022-12-28
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-11-07 | Updated: 2022-11-08
Windows Graphics Component Information Disclosure Vulnerability
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2022-12-13 | Updated: 2023-03-10
Windows Bluetooth Driver Information Disclosure Vulnerability
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-12-13 | Updated: 2023-03-10
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.
Max CVSS: 5.7 | EPSS Score: 0.04% | Published: 2022-12-01 | Updated: 2022-12-06
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file.
Max CVSS: 7.8 | EPSS Score: 0.11% | Published: 2022-12-07 | Updated: 2022-12-09
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Max CVSS: 5.9 | EPSS Score: 0.13% | Published: 2022-12-22 | Updated: 2023-05-30
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Max CVSS: 5.9 | EPSS Score: 0.13% | Published: 2022-12-22 | Updated: 2023-05-30
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file.
Max CVSS: 7.8 | EPSS Score: 0.20% | Published: 2022-12-07 | Updated: 2022-12-09
Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file.
Max CVSS: 7.8 | EPSS Score: 0.11% | Published: 2022-12-07 | Updated: 2022-12-09
IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.
Max CVSS: 7.5 | EPSS Score: 0.20% | Published: 2022-10-27 | Updated: 2022-10-31
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2022-11-07 | Updated: 2022-11-08
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2022-11-15 | Updated: 2022-11-17
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2022-10-13 | Updated: 2022-10-13
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2022-10-13 | Updated: 2022-10-13
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2022-10-13 | Updated: 2022-10-13
Sensitive Information Disclosure vulnerability discovered in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2022-11-18 | Updated: 2022-11-22
1145 vulnerabilities found