Page 80 of 10658 results (0.130 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

This could lead to unauthorized information disclosure or modification. • https://www.fortra.com/security/advisories/product-security/fi-2024-009 • CWE-303: Incorrect Implementation of Authentication Algorithm •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  • https://my.f5.com/manage/s/article/K10438187 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0

Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html • CWE-665: Improper Initialization •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html • CWE-125: Out-of-bounds Read •

CVSS: 8.2EPSS: 2%CPEs: 1EXPL: 0

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decodeToMap method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373 • CWE-611: Improper Restriction of XML External Entity Reference •