Page 5 of 10600 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Una vulnerabilidad en la interfaz de administración basada en web de Cisco AsyncOS Software para Cisco Content Security Management Appliance (SMA) podría permitir que un atacante remoto autenticado acceda a información confidencial en un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. • https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6 https://github.com/miniupnp/miniupnp/pull/157 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 •

CVSS: 6.5EPSS: 0%CPEs: 55EXPL: 0

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu • CWE-59: Improper Link Resolution Before File Access ('Link Following') •