CVE-2023-31185 – ROZCOM server framework
https://notcve.org/view.php?id=CVE-2023-31185
ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-125102 – Bestwebsoft Relevant Plugin Thumbnail information disclosure
https://notcve.org/view.php?id=CVE-2014-125102
The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3 https://vuldb.com/?ctiid.230113 https://vuldb.com/?id.230113 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-32321 – CKAN remote code execution and private information access via crafted resource ids
https://notcve.org/view.php?id=CVE-2023-32321
CKAN is an open-source data management system for powering data hubs and data portals. ... Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. • https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m • CWE-20: Improper Input Validation •
CVE-2023-28322 – curl: more POST-after-PUT confusion
https://notcve.org/view.php?id=CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0: when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. ... This issue may lead to unintended information disclosure by the application. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1954658 https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK https://security.gentoo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-440: Expected Behavior Violation •
CVE-2022-44517 – Adobe Acrobat Reader DC Annotation fillColor Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-44517
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •