Page 27 of 10786 results (0.042 seconds)

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco Webex Desk Hub. There are no workarounds that address this vulnerability. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-125: Out-of-bounds Read •

CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173596 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. Una vulnerabilidad en janeczku/calibre-web permite a usuarios no autorizados ver los nombres de los estantes privados que pertenecen a otros usuarios. Este problema se produce en el archivo shelf.py en la línea 221, donde el nombre del estante se expone en un mensaje de error cuando un usuario intenta eliminar un libro de un estante que no es de su propiedad. • https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548 https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 2.4EPSS: 0%CPEs: -EXPL: 1

Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext. • https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383 http://skyworth.com • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

This could lead to information disclosure with no additional execution privileges needed.   • https://source.android.com/security/bulletin/2018-06-01 •