Page 28 of 10786 results (0.060 seconds)

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-1191: On-Chip Debug and Test Interface With Improper Access Control •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

This could disrupt the function of the device and/or cause unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-494: Download of Code Without Integrity Check •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49025 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 https://huntr.com/bounties/c2aff952-2dec-4538-8905-190c484aae94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •