Page 84 of 10813 results (0.098 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. • https://www.zerodayinitiative.com/advisories/ZDI-24-1080 • CWE-457: Use of Uninitialized Variable •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294868 https://www.ibm.com/support/pages/node/7162334 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. • https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0

Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. • https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality https://backstage.forgerock.com/knowledge/kb/article/a95212747 • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226567/dsa-2024-211-security-update-for-a-dell-insightiq-broken-or-risky-cryptographic-algorithm-vulnerability • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •