Page 68 of 10843 results (0.368 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. ... A successful exploit could allow the attacker to view sensitive information in cleartext. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y •

CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables. • https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-44820%20ZZCMS2023%20phpinfo%E6%B3%84%E9%9C%B2.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0

An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 • CWE-863: Incorrect Authorization •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). • https://github.com/Abdurahmon3236/CVE-2024-44947 https://git.kernel.org/stable/c/a1d75f258230b75d46aecdf28b2e732413028863 https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6 https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9 https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4 https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 https:&#x • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •