Page 2 of 11015 results (0.017 seconds)

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0

In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. • https://security.nozominetworks.com/NN-2024:2-01 • CWE-863: Incorrect Authorization •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/services/Telecomm/+/f3e6a6c02439401eb7aeb3749ee5ec0b51a625b9 https://source.android.com/security/bulletin/2024-09-01 •

CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

Microsoft Windows Admin Center Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43475 • CWE-126: Buffer Over-read •