Total
9894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | ||||
| CVE-2023-39337 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-11-21 | 9.1 Critical |
| A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity. | ||||
| CVE-2023-39289 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 7.5 High |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. | ||||
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-11-21 | 6.5 Medium |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39045 | 1 Kokoroe Members Card Project | 1 Kokoroe Members Card | 2024-11-21 | 6.5 Medium |
| An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-11-21 | 5.3 Medium |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | ||||
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38718 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 3.7 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | ||||
| CVE-2023-38700 | 1 Matrix | 1 Matrix Irc Bridge | 2024-11-21 | 3.5 Low |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. | ||||