JAL Information Technology Co., Ltd. Security Vulnerabilities
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
7AI Score
0.0004EPSS
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.4AI Score
EPSS
Moodle LaTeX Information Disclosure
The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server...
7.6AI Score
0.022EPSS
MoinMoin Insertion of Sensitive Information into Log File
An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug...
6.6AI Score
0.019EPSS
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: ...
5.9CVSS
6.3AI Score
0.0004EPSS
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0005EPSS
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
6.1AI Score
0.0004EPSS
OpenStack Keystone Sensitive information disclosure via log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log...
6.7AI Score
0.0004EPSS
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....
7.1AI Score
0.0004EPSS
Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.2AI Score
0.003EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...
7.8AI Score
0.0004EPSS
OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated.....
7.5CVSS
6.8AI Score
0.002EPSS
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
6.5CVSS
6AI Score
0.0004EPSS
Cilem Haber Information Disclosure Vulnerability
Cilem Haber is prone to an information disclosure...
6.9AI Score
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, ...
9.8CVSS
3.4AI Score
0.003EPSS
Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
9.1AI Score
Microsoft Internet Information Services (IIS) Installed
Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows...
0.6AI Score
IBM InfoSphere Information Governance Catalog Detection
The remote web server is running IBM InfoSphere Information Governance Catalog...
1.1AI Score
Oracle Endeca Information Discovery Studio Detection
Oracle Endeca Information Discovery Studio was detected on the remote host. Oracle Endeca Information Discovery Studio is a web based data discovery and analysis...
0.7AI Score
Clorius Controls ISC SCADA Information Disclosure
Nessus was able to obtain the contents of '/html/info.htm' on the remote Clorius Contols ISC SCADA device. This page may contain sensitive information such as the firmware version of the device, internal IP address, and MAC...
2AI Score
FreePBX gen_amp_conf.php Information Disclosure
By requesting the 'admin/modules/framework/bin/gen_amp_conf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to...
7.5AI Score
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
5.3CVSS
6.9AI Score
0.0004EPSS
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.6AI Score
EPSS
Joomla! < 1.0.8 Information Disclosure
The version of Joomla! installed on the remote web server is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose the full path information from the Joomla! installation. Note that the application is....
7.8AI Score
0.01EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
Database Open Access Information Disclosure Vulnerability
Various Database server might be prone to an information disclosure vulnerability if accessible to remote...
7.3AI Score
Sensitive Information Disclosure
github.com/apache/solr-operator is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the operator's mishandling of authentication credentials in log files, which could expose sensitive information such as usernames and...
6.6AI Score
0.0004EPSS
Sensitive Information Disclosure
Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (password) in the log statement. This potentially leads to exposure to sensitive...
6.3AI Score
0.0004EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the...
7.9AI Score
0.0004EPSS
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...
5.5CVSS
6.1AI Score
0.0004EPSS
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into...
7.3AI Score
0.0004EPSS
Sensitive Information Disclosure
Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attackers can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher is....
6.7AI Score
0.0004EPSS
Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8CVSS
8.9AI Score
0.005EPSS
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous...
5.3CVSS
6.8AI Score
0.001EPSS
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the client not forwarding sensitive headers such as "Authorization" or "Cookie" when following an HTTP redirect to a domain that is not a subdomain match or exact match of the initial...
6.9AI Score
0.0004EPSS
Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8CVSS
8.9AI Score
0.005EPSS
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...
5.5CVSS
6.1AI Score
0.0004EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6AI Score
Sensitive Information Exposure
RhodeCode and Kallithea is vulnerable to Sensitive Information Exposure. The vulnerability is due to a lack of admin authentication which allows remote users to obtain API keys and other sensitive information via the get_repo API...
6.9AI Score
0.002EPSS
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......
4CVSS
6.1AI Score
0.0004EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6AI Score
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...
8AI Score
0.0004EPSS
CVE-2024-35155 IBM MQ information disclosure
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
Moxa AWK Series asqc.asp Information Disclosure Vulnerability
Moxa AWK series wireless access points are prone to an information disclosure...
5.3CVSS
5.2AI Score
0.001EPSS
Sensitive Information Disclosure
Home Assistant is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an unauthenticated attacker being able to read the application's error log via...
7.5CVSS
6.7AI Score
0.002EPSS
CVE-2024-35156 IBM MQ information disclosure
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...
6.7AI Score
0.0004EPSS
PHP 7.3.x < 7.3.2 Information Disclosure.
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.2. It is, therefore, affected by: An out-of-bounds read error exists in the dns_get_record function due to improper parsing of DNS responses. An unauthenticated, remote attacker can exploit...
7.5CVSS
8.5AI Score
0.606EPSS
CVE-2023-50937 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.3AI Score
0.001EPSS