10852 results (0.291 seconds)

CVSS: 4.8EPSS: %CPEs: -EXPL: 0

Improper control of framework service permissions with possibility of some sensitive device information leakage. • https://www.vivo.com/en/support/security-advisory-detail?id=11 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.9EPSS: %CPEs: -EXPL: 0

This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. • https://access.redhat.com/errata/RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10178 https://access.redhat.com/security/cve/CVE-2024-10451 https://bugzilla.redhat.com/show_bug.cgi?id=2322096 • CWE-798: Use of Hard-coded Credentials •

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. • https://www.ibm.com/support/pages/node/7168703 https://www.ibm.com/support/pages/node/7176947 • CWE-613: Insufficient Session Expiration •

CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0

A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5570 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5595 • CWE-862: Missing Authorization •