Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-200
Total 6955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42439 3 Ibm, Linux, Microsoft 4 Aix, App Connect Enterprise, Linux Kernel and 1 more 2023-02-17 N/A 4.9 MEDIUM
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
CVE-2023-25165 1 Helm 1 Helm 2023-02-16 N/A 4.3 MEDIUM
Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.
CVE-2022-46650 1 Sierrawireless 9 Aleos, Es450, Gx450 and 6 more 2023-02-16 N/A 4.9 MEDIUM
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CVE-2015-8393 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2023-02-16 5.0 MEDIUM 7.5 HIGH
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
CVE-2020-35568 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2023-02-15 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
CVE-2022-39307 1 Grafana 1 Grafana 2023-02-15 N/A 5.3 MEDIUM
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.
CVE-2023-23624 1 Discourse 1 Discourse 2023-02-14 N/A 5.3 MEDIUM
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.
CVE-2023-23620 1 Discourse 1 Discourse 2023-02-14 N/A 5.3 MEDIUM
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
CVE-2022-23498 1 Grafana 1 Grafana 2023-02-13 N/A 8.8 HIGH
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.
CVE-2022-0355 1 Simple-get Project 1 Simple-get 2023-02-13 5.0 MEDIUM 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1.
CVE-2018-1097 2 Redhat, Theforeman 2 Satellite, Foreman 2023-02-12 4.0 MEDIUM 8.8 HIGH
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
CVE-2018-16866 5 Canonical, Debian, Netapp and 2 more 21 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 18 more 2023-02-12 2.1 LOW 3.3 LOW
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
CVE-2016-2142 1 Redhat 1 Openshift 2023-02-12 2.1 LOW 5.5 MEDIUM
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
CVE-2016-2149 1 Redhat 1 Openshift 2023-02-12 4.0 MEDIUM 6.5 MEDIUM
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2016-2140 1 Openstack 1 Nova 2023-02-12 3.5 LOW 5.3 MEDIUM
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
CVE-2016-3111 1 Pulpproject 1 Pulp 2023-02-12 2.1 LOW 5.5 MEDIUM
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
CVE-2016-4992 1 Redhat 4 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 1 more 2023-02-12 5.0 MEDIUM 7.5 HIGH
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
CVE-2016-3696 2 Fedoraproject, Pulpproject 2 Fedora, Pulp 2023-02-12 2.1 LOW 5.5 MEDIUM
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVE-2013-1928 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2023-02-12 4.7 MEDIUM N/A
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
CVE-2013-0349 1 Linux 1 Linux Kernel 2023-02-12 1.9 LOW N/A
The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.