Jal Information Technology Co., Ltd. Security Vulnerabilities
Sensitive Information Disclosure
github.com/rancher/rancher is vulnerable to Sensitive Information Disclosure. The vulnerability is due to constantly reconciling clusters when secrets encryption configuration is enabled, causing Kube API secret values to be written in plaintext on the AppliedSpec. An attacker can gain access to...
6.9AI Score
EPSS
Sensitive Information Disclosure
apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the absence of a "Cache-Control" header in the response headers for dynamic content, which could lead to the unintended caching of sensitive information in the local cache of web...
6.2AI Score
0.0004EPSS
Sensitive Information Exposure
h2o is vulnerable to Sensitive Information Exposure. The vulnerability is due the Typeahead API call which allows an attacker to lookup arbitrary system paths in the entire file system where h2o-3 is...
5.3CVSS
6.8AI Score
0.0004EPSS
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted...
5.4CVSS
6.3AI Score
0.001EPSS
SonarQube logs sensitive information
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...
4.9CVSS
6.9AI Score
0.0004EPSS
TYPO3/CMS is vulnerable to Information Disclosure. This vulnerability arises from insufficient validation and handling of uploaded files within forms. It may result in arbitrary file disclosure or unauthorized access to sensitive system...
7AI Score
Sensitive Information Disclosure
netty-incubator-codec-ohttp is vulnerable to Sensitive Information Disclosure. The vulnerability due to an error in the BoringSSLAEADContext which results the encryption nonce overflowing. An attacker can manipulate the nonce repetition by causing the sequence number to overflow, which decreases...
9.1CVSS
6.7AI Score
0.001EPSS
Sensitive Information Disclosure
topthink/framework is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of error messages, which can reveal the PHPSESSION cookie through debug error output source code when a crafted URI is used in a GET...
6.8AI Score
0.0004EPSS
Sensitive Information Disclosure
keycloak-services is vulnerable to Sensitive Information Disclosure. The vulnerability is due to client-provided parameters included in plain text within the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization...
7.5CVSS
6.5AI Score
0.0004EPSS
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to login failures being logged at the "warning" level instead of the "debug" level, which exposes plain text credential...
7AI Score
typo3/cms-core is vulnerable to Information Disclosure The vulnerability is due to improper session termination, where session data of authenticated users is transformed into an anonymous user session during the logout process, allowing subsequent users of the same client application to access...
6.7AI Score
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to Inline JavaScript settings within the RequireJS package, which allows an attacker to retrieve additional information about the installed system and third-party...
6.6AI Score
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
7.5CVSS
7.9AI Score
0.007EPSS
Sensitive Information Disclosure
jupyter_server is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper path validation, which allows unauthenticated attackers to leak the NTLMv2 password hash of the Windows user running the...
7.5CVSS
7.5AI Score
0.0004EPSS
Sensitive Information Disclosure
GnuTLS is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exploiting deterministic behavior in systems like GnuTLS, particularly when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, which can lead to a noticeable step in nonce size from 513 to 512 bits, exposing a...
5.3CVSS
5.8AI Score
0.0005EPSS
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to backend users without read access being able to see specific pages in the page...
6.7AI Score
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks on the element information component, which displays properties of a certain record without verifying the backend user’s...
6.7AI Score
MinIO information disclosure vulnerability
Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...
5.3CVSS
6.9AI Score
0.0004EPSS
Sensitive Information Disclosure
github.com/kubernetes-sigs/azurefile-csi-driver is vulnerable to Sensitive Information Disclosure. This vulnerability is due to tokens being logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag, which allows an...
6.5CVSS
6.7AI Score
0.0004EPSS
EyouCms v1.6.3 - Information Disclosure
EyouCms v1.6.3 was discovered to contain an information disclosure vulnerability via the component...
5.3CVSS
7.2AI Score
0.01EPSS
SonarQube logs sensitive information
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...
4.9CVSS
6.9AI Score
0.0004EPSS
XWiki < 4.10.15 - Information Disclosure
The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected...
7.5CVSS
6.3AI Score
0.508EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.3AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.2AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
Microweber Information Disclosure
Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to...
7.5CVSS
7.2AI Score
0.004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
7.2AI Score
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
6.9AI Score
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
0.0005EPSS
simplesamlphp/simplesamlphp is vulnerable to Information Disclosure. The vulnerability is due to insufficient access controls on the admin interface endpoint, allowing unauthenticated users to view sensitive information about the host where SimpleSAMLphp is...
6.6AI Score
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the...
9.8CVSS
9.6AI Score
0.007EPSS
Sensitive Information Disclosure
ethyca_fides is vulnerable to Information Disclosure. The vulnerability is due to improper masking of nested sensitive fields such as private_key in the BigQuery connection configuration, which allows an attacker to expose the sensitive fields in plaintext via certain API...
6.5CVSS
6.4AI Score
0.0004EPSS
Sensitive Information Exposure
chainguard.dev/apko is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper redaction of sensitive information within error log output, where HTTP basic auth credentials from repository and keyring URLs are exposed, which allows an attacker with access to logs to...
7.5CVSS
7.4AI Score
0.0004EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.7AI Score
0.0005EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1CVSS
0.0005EPSS
Sensitive Information Disclosure
Kimai is Sensitive Information Disclosure. The vulnerability is caused by manipulating of the PHPSESSIONID argument in the Session Handler component, which results in the sensitive...
3.7CVSS
7AI Score
0.0004EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
0.0005EPSS
Sensitive Information Disclosure
typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Install Tool exposing the current TYPO3 version number to non-authenticated...
7AI Score
silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to password fields reflecting submitted data, which inadvertently exposes users to potential security risks by displaying sensitive...
7.1AI Score
XWiki < 4.10.15 - Sensitive Information Disclosure
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
7.5CVSS
6.7AI Score
0.292EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1CVSS
6.5AI Score
0.0005EPSS
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity...
5.9CVSS
7.6AI Score
0.001EPSS
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base...
3.7CVSS
5.9AI Score
0.001EPSS
Sensitive Information Disclosure
Symfony is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the FragmentHandler considering all fragment render requests as coming from a trusted source, regardless of their origin, due to the inability to distinguish between legitimate ESI requests by a trusted proxy...
6.6AI Score
EPSS
silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to inconsistent handling of login attempts for non-existent users. This allows attackers to discern valid user accounts and enumerate valid user accounts by observing differences in error messages or...
7AI Score
azure_cli, is vulnerable to Information Disclosure. The vulnerability exists due to sensitive information thats exposed in log files, allowing an attacker to recover plaintext passwords and usernames from log...
8.6CVSS
9.2AI Score
0.001EPSS
github.com/dapr/dapr is vulnerable to Information Disclosure. The vulnerability is caused due to the gRPC proxy sending the invoker app's token instead of the invoked app's token. This allows an attacker to gain access to the invoker app's token, compromising security and authentication...
5.3CVSS
7.2AI Score
0.0004EPSS
Exploit for Cleartext Transmission of Sensitive Information in Keepass
KeePass 2.X Master Password Dumper...
7.4AI Score