467 matches found
CVE-2023-27860 IBM Maximo Asset Management information disclosure
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207...
CVE-2021-27668
A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to obtain sensitive information caused by improper authentication validation by the /sys/license endpoint. By sending a specially-crafted HTTP request, an attacker can obtain license metadata from DR secondaries an...
CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...
Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System
Summary Multiple vulnerabilities in Intel Processors affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-21123 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomple...
Format string
An authenticated malicious user could acquire the simple mail transfer protocol SMTP Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials...
CVE-2023-28858
A flaw was found in Redis redis-py. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker can obtain...
CVE-2023-0836
A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGIBEGINREQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...
CVE-2023-22876
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...
CVE-2023-22876
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...
Design/Logic Flaw
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...
CVE-2023-0888 Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...
Microsoft Office Visio 安全漏洞
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. An information disclosure vulnerability exists in Microsoft Office Visio. An attacker can exploit this vulnerability to obtain sensitive...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
Design/Logic Flaw
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
CVE-2021-39086
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
Google Android Information Disclosure Vulnerability (CNVD-2022-85766)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that could be exploited by attackers to obtain WiFi SSID information and use it to launch further attacks on the affected system...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that could be exploited by attackers to obtain WiFi SSID information and use it to launch further attacks on the affected system...
CVE-2022-34162
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM...
CVE-2021-32504
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system...
CVE-2021-32504
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system...