Lucene search
K

213 matches found

cvelist
cvelist
added 2024/08/22 6:29 a.m.31 views

CVE-2024-32939 Email addresses of remote users visible in props regardless of server settings

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."...

4.3CVSS0.0022EPSS
Exploits0References1
osv
osv
added 2024/05/23 5:15 p.m.4 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.8CVSS5.8AI score0.00402EPSS
Exploits0References1
cve
cve
added 2024/05/23 4:58 p.m.2456 views

CVE-2024-5143

The CVE-2024-5143 entry describes a vulnerability in HP LaserJet Pro printers where a user with device administrative privileges can modify SMTP server settings without re‑entering credentials. This can redirect send‑to‑email traffic to an attacker‑controlled SMTP server and potentially expose th...

6.8CVSS6.8AI score0.00402EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/05/23 4:58 p.m.35 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.6AI score0.00402EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/05/23 12:0 a.m.6 views

PT-2024-4026

Name of the Vulnerable Software and Affected Versions: HP Color LaserJet MFP M478-M479 series affected versions not specified Description: The issue is related to a weakness in the authentication procedure of the HP Color LaserJet MFP M478-M479 series, which can potentially expose protected SMTP...

6.8CVSS5.9AI score0.00402EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/05/23 12:0 a.m.5 views

Hp LaserJet Pro Printer 安全漏洞

The HP Hp LaserJet Pro Printer is a laser printer from Hewlett-Packard HP in the United States. A security vulnerability exists in the Hp LaserJet Pro Printer that originates from a user with device administrative privileges being able to change the existing SMTP server settings on the device...

6.8CVSS6.7AI score0.00402EPSS
Exploits0References3
citrix
citrix
added 2024/04/03 12:0 a.m.7 views

Unable to change ciphers or SSL parameters on SSL Bridge virtual server.

No option is available to change ciphers or SSL parameters on SSLBRIDGE type virtual server...

7.1AI score
Exploits0
osv
osv
added 2024/03/06 11:4 a.m.23 views

BIT-POSTGRESQL-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS6.6AI score0.0142EPSS
Exploits0References5
attackerkb
attackerkb
added 2024/01/13 4:15 a.m.3 views

CVE-2023-51070

An access control issue in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server...

7.5CVSS5.8AI score0.00552EPSS
Exploits1References2
osv
osv
added 2024/01/13 4:15 a.m.4 views

CVE-2023-51070

An access control issue in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server...

7.5CVSS5.8AI score0.00552EPSS
Exploits1References1
cve
cve
added 2023/12/27 6:45 p.m.70 views

CVE-2023-52077

CVE-2023-52077 concerns Nexkey, a Misskey v12 fork. Before 12.23Q4.5, external apps using administrator/moderator-issued tokens could call admin APIs, enabling operations like updating server settings and risking object storage and email credentials. The issue is patched in 12.23Q4.5. No exploita...

9.8CVSS9.3AI score0.00693EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/12/27 6:45 p.m.24 views

CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...

8.9CVSS9AI score0.00693EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2023/12/27 12:0 a.m.4 views

PT-2023-31912 · Nexkey · Nexkey

Name of the Vulnerable Software and Affected Versions: Nexkey versions prior to 12.23Q4.5 Description: Nexkey, a lightweight fork of Misskey v12 optimized for small to medium size servers, allows external apps using tokens issued by administrators and moderators to call admin APIs. This enables...

9.8CVSS9.3AI score0.00693EPSS
Exploits0References9
cnnvd
cnnvd
added 2023/12/12 12:0 a.m.8 views

Umbraco Information Disclosure Vulnerability

Umbraco is an open source Content Management System CMS written in C by Umbraco, Denmark. Umbraco suffers from an information disclosure vulnerability that stems from a user enumeration attack that can occur when SMTP settings are incorrect but reset passwords are enabled...

5.3CVSS6.2AI score0.0046EPSS
Exploits0References2
cvelist
cvelist
added 2023/10/25 2:13 p.m.26 views

CVE-2023-41372

The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...

7.8CVSS7.6AI score0.00199EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/10/25 12:0 a.m.5 views

PT-2023-27933 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue allows an unprivileged third-party application to arbitrarily modify the server settings of the Android Client application, causing it to connect to a malicious...

7.8CVSS7.3AI score0.00199EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/10/25 12:0 a.m.4 views

Bosch ctrlX HMI Web Panel WR21 Trust Management Issue Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in Bosch ctrlX HMI Web Panel WR21 that originates from allowing an unprivileged attacker to modify the server settings of the Android Agent application, thereby inducing it to connect to a malicious...

7.8CVSS6.7AI score0.00199EPSS
Exploits0References2
osv
osv
added 2023/10/20 8:15 a.m.4 views

CVE-2023-4668

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...

7.5CVSS7.1AI score0.00512EPSS
Exploits0References2
prion
prion
added 2023/10/20 8:15 a.m.30 views

Code injection

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...

5CVSS7.5AI score0.00512EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/10/20 7:29 a.m.11 views

CVE-2023-4668 Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...

5.3CVSS7.1AI score0.00512EPSS
Exploits0References2
Rows per page
Query Builder