Page 289 of 10586 results (0.046 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. IBM CICS TX Advanced 10.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 260770. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260770 https://www.ibm.com/support/pages/node/7066431 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. • https://0xem.ma/posts/HH3K-CVE https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6121 https://bugzilla.redhat.com/show_bug.cgi?id=2250043 https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 788EXPL: 1

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html https://www.tenable.com/security/research/tra-2023-35 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •