Page 106 of 10569 results (0.028 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue. ... Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podría determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibirían de la instancia cuando intenten iniciar sesión. Esta divulgación podría dar lugar a ataques adicionales de fuerza bruta para adivinar contraseñas. • https://advisory.splunk.com/advisories/SVD-2024-0716 • CWE-204: Observable Response Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 128EXPL: 0

Information disclosure while parsing sub-IE length during new IE generation. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.1EPSS: 0%CPEs: 30EXPL: 0

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.5EPSS: 0%CPEs: 222EXPL: 0

Information disclosure while handling SA query action frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •