Page 66 of 10805 results (0.074 seconds)

CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0

An unauthenticated attacker can therefore gain information about current emergency situations and possibly also emergency vehicle positions or routes. • https://www.swissphone.com/en-us/solutions/components/terminals/radio-data-module-dical-red https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-042.txt • CWE-284: Improper Access Control •

CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 2

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServerâ„¢ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ThinServer service. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. • https://github.com/hatvix1/CVE-2024-7988-Private-POC https://github.com/HatvixSupport/CVE-2024-7988-Private-POC https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. ... A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. ... A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk • CWE-266: Incorrect Privilege Assignment CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. ... This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. • https://access.redhat.com/security/cve/CVE-2024-7885 https://bugzilla.redhat.com/show_bug.cgi?id=2305290 https://access.redhat.com/errata/RHSA-2024:6508 https://access.redhat.com/errata/RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:7441 https://access.redhat.com/errata/RHSA-2024:7442 https://access.redhat.com/errata/RHSA-2024:7735 https://access.redhat.com/errata/RHSA-2024:7736 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •