
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L2942 https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L2949 https://www.wordfence.com/threat-intel/vulnerabilities/id/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=cve • CWE-862: Missing Authorization

CVSS: 7.1 • EPSS: 0% • CPEs: 26 • EXPL: 0

An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. • https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability • CWE-667: Improper Locking • CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. • https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-664: Improper Control of a Resource Through its Lifetime

CVSS: 6.5 • EPSS: 0% • CPEs: 626 • EXPL: 0

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.6 • EPSS: 0% • CPEs: 2 • EXPL: 1

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. • https://github.com/Arszilla/CVE-2023-5808 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data. • CWE-285: Improper Authorization • CWE-287: Improper Authentication