Page 92 of 10843 results (0.149 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. ... Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •

CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 https://www.ibm.com/support/pages/node/7161469 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/c60cfd8727da77b9db10297148eadd697ebec353.patch https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-v6q4-h869-gm3r https://xibosignage.com/blog/security-advisory-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •