Total
8202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39620 | 1 Buffalo | 2 Terastation Nas 5410r, Terastation Nas 5410r Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | |||||
| CVE-2023-39519 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-11-21 | N/A | 7.5 HIGH |
| Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0. | |||||
| CVE-2023-39337 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | N/A | 9.1 CRITICAL |
| A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity. | |||||
| CVE-2023-39289 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. | |||||
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39045 | 1 Kokoroe Members Card Project | 1 Kokoroe Members Card | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | |||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | |||||
| CVE-2023-38301 | 2024-11-21 | N/A | 3.4 LOW | ||
| An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys); Boost Mobile Celero 5G (Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V067:user/release-keys); Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys); T-Mobile Revvl 6 Pro 5G (T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V070:user/release-keys); and T-Mobile Revvl V+ 5G (T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V077:user/release-keys). This malicious app reads from the "vendor.gsm.serial" system property to indirectly obtain the device serial number. | |||||