Vulnerabilities > Low

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2023-05-08 | CVE-2023-27928 | Unspecified vulnerability in Apple products | A privacy issue was addressed with improved private data redaction for log entries. | local | low complexity | apple | | 3.3 |
| 2023-05-08 | CVE-2023-28194 | Unspecified vulnerability in Apple Iphone OS | The issue was addressed with improved checks. | local | low complexity | apple | | 3.3 |
| 2023-05-04 | CVE-2023-21487 | Improper Authentication vulnerability in Samsung Android 11.0/12.0/13.0 | Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | local | low complexity | samsung | CWE-287 | 3.3 |
| 2023-05-04 | CVE-2023-31413 | Information Exposure Through Log Files vulnerability in Elastic Filebeat 8.6.2 | Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | local | low complexity | elastic | CWE-532 | 3.3 |
| 2023-05-04 | CVE-2023-2521 | Cross-site Scripting vulnerability in Ez-Net Next-7004N Firmware 3.0.1 | A vulnerability was found in NEXTU NEXT-7004N 3.0.1. | network | low complexity | ez-net | CWE-79 | 3.5 |
| 2023-05-01 | CVE-2023-2197 | Inadequate Encryption Strength vulnerability in Hashicorp Vault 1.13.0 | HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. | local | high complexity | hashicorp | CWE-326 | 2.5 |
| 2023-04-28 | CVE-2023-30857 | Unspecified vulnerability in Aedart ION | @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. | network | high complexity | aedart | | 3.7 |
| 2023-04-28 | CVE-2023-28473 | Improper Authentication vulnerability in Concretecms Concrete CMS | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 are vulnerable to possible Auth bypass in the jobs section. | network | high complexity | concretecms | CWE-287 | 3.3 |
| 2023-04-25 | CVE-2023-25815 | | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. | local | high complexity | git-for-windows-project, fedoraproject | | 2.2 |
| 2023-04-25 | CVE-2022-23721 | Injection vulnerability in Pingidentity Pingid Integration for Windows Login | PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | local | low complexity | pingidentity | CWE-74 | 3.3 |