Page 106 of 10582 results (0.018 seconds)

CVSS: 5.3EPSS: 19%CPEs: 2EXPL: 0

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. ... Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. • https://cwe.mitre.org/data/definitions/203.html https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers https://www.twilio.com/docs/usage/security/reporting-vulnerabilities https://www.twilio.com/en-us/changelog • CWE-203: Observable Discrepancy •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue. ... Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podría determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibirían de la instancia cuando intenten iniciar sesión. Esta divulgación podría dar lugar a ataques adicionales de fuerza bruta para adivinar contraseñas. • https://advisory.splunk.com/advisories/SVD-2024-0716 • CWE-204: Observable Response Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 128EXPL: 0

Information disclosure while parsing sub-IE length during new IE generation. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.1EPSS: 0%CPEs: 30EXPL: 0

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-330: Use of Insufficiently Random Values •