
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Nov 2024 — The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. ... This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. • https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php • CWE-862: Missing Authorization

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Nov 2024 — miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Nov 2024 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01

CVSS: 6.5 • EPSS: 0% • CPEs: 55 • EXPL: 0

15 Nov 2024 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0

15 Nov 2024 — A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. ... This vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU • CWE-317: Cleartext Storage of Sensitive Information in GUI

CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0

15 Nov 2024 — A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. ... This vulnerability is due to lack of proper encryption of sensitive information stored within the GUI configuration manager. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU • CWE-317: Cleartext Storage of Sensitive Information in GUI

CVSS: 5.3 • EPSS: 0% • CPEs: 399 • EXPL: 0

15 Nov 2024 — A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Nov 2024 — A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. ... A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf • CWE-125: Out-of-bounds Read

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Nov 2024 — IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173596 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 5.0 • EPSS: 0% • CPEs: - • EXPL: 0

15 Nov 2024 — This vulnerability discloses private information and affects all versions prior to the fix. • https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548 • CWE-209: Generation of Error Message Containing Sensitive Information