Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0340 | 1 Linux | 1 Linux Kernel | 2024-06-27 | N/A | 5.5 MEDIUM |
| A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | |||||
| CVE-2023-6105 | 3 Linux, Microsoft, Zohocorp | 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more | 2024-06-26 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | |||||
| CVE-2020-15502 | 1 Duckduckgo | 1 Duckduckgo | 2024-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy. | |||||
| CVE-2024-5010 | 2024-06-26 | N/A | 7.5 HIGH | ||
| In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. | |||||
| CVE-2024-6294 | 2024-06-25 | N/A | 3.9 LOW | ||
| udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn. | |||||
| CVE-2024-5059 | 1 Awplife | 1 Event Monster | 2024-06-24 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0. | |||||
| CVE-2024-35776 | 1 Exeebit | 1 Phpinfo-wp | 2024-06-24 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through 5.0. | |||||
| CVE-2024-30096 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-06-20 | N/A | 5.5 MEDIUM |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||
| CVE-2024-35263 | 1 Microsoft | 1 Dynamics 365 | 2024-06-20 | N/A | 5.7 MEDIUM |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||
| CVE-2024-37895 | 2024-06-20 | N/A | 5.7 MEDIUM | ||
| Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2019-15045 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-06-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality | |||||
| CVE-2024-3716 | 1 Redhat | 1 Satellite | 2024-06-18 | N/A | 6.2 MEDIUM |
| A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password. | |||||
| CVE-2024-4008 | 1 Abb | 10 2tma310010b0001, 2tma310010b0001 Firmware, 2tma310010b0003 and 7 more | 2024-06-18 | N/A | 8.8 HIGH |
| FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System | |||||
| CVE-2024-0569 | 1 Totolink | 2 T8, T8 Firmware | 2024-06-18 | 4.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability. | |||||
| CVE-2024-4584 | 2024-06-17 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0093 | 2024-06-17 | N/A | 6.5 MEDIUM | ||
| NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2024-5813 | 2024-06-13 | N/A | 5.9 MEDIUM | ||
| A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | |||||
| CVE-2024-37325 | 2024-06-13 | N/A | 8.1 HIGH | ||
| Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | |||||
| CVE-2024-37307 | 2024-06-13 | N/A | 7.9 HIGH | ||
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the TLS inspection, Ingress with TLS termination, Gateway API with TLS termination, and Kafka network policies with API key filtering features are affected. The sensitive data includes the CA certificate, certificate chain, and private key used by Cilium HTTP Network Policies, and when using Ingress/Gateway API and the API keys used in Kafka-related network policy. `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. This issue has been patched in Cilium v1.15.6, v1.14.12, and v1.13.17. There is no workaround to this issue. | |||||
| CVE-2024-30472 | 2024-06-13 | N/A | 7.5 HIGH | ||
| Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. | |||||