Page 65 of 10569 results (0.075 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. ... This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk • CWE-266: Incorrect Privilege Assignment CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. • https://access.redhat.com/security/cve/CVE-2024-7885 https://bugzilla.redhat.com/show_bug.cgi?id=2305290 https://access.redhat.com/errata/RHSA-2024:6508 https://access.redhat.com/errata/RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:7441 https://access.redhat.com/errata/RHSA-2024:7442 https://access.redhat.com/errata/RHSA-2024:7735 https://access.redhat.com/errata/RHSA-2024:7736 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1

The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. ... Dank Manipulation des Arguments phome mit der Eingabe ShowPHPInfo mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md https://vuldb.com/?ctiid.275111 https://vuldb.com/?id.275111 https://vuldb.com/?submit.392121 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •