Page 70 of 10556 results (0.015 seconds)

CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0

Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html • CWE-665: Improper Initialization •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html • CWE-125: Out-of-bounds Read •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decodeToMap method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.6EPSS: 0%CPEs: -EXPL: 0

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 • CWE-215: Insertion of Sensitive Information Into Debugging Code CWE-922: Insecure Storage of Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38214 • CWE-125: Out-of-bounds Read •