CVE-2024-10486 – Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
https://notcve.org/view.php?id=CVE-2024-10486
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. • https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve • CWE-862: Missing Authorization •
CVE-2015-20111
https://notcve.org/view.php?id=CVE-2015-20111
miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6 https://github.com/miniupnp/miniupnp/pull/157 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2017-13309
https://notcve.org/view.php?id=CVE-2017-13309
This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-05-01 •
CVE-2021-1491 – Cisco SD-WAN vManage Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1491
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-34751 – Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34751
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU • CWE-317: Cleartext Storage of Sensitive Information in GUI •