Lucene search
K

467 matches found

Cvelist
Cvelist
added 2023/04/27 6:59 p.m.26 views

CVE-2023-27860 IBM Maximo Asset Management information disclosure

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207...

5.3CVSS5.1AI score0.00527EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/04/26 5:21 a.m.30 views

CVE-2021-27668

A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to obtain sensitive information caused by improper authentication validation by the /sys/license endpoint. By sending a specially-crafted HTTP request, an attacker can obtain license metadata from DR secondaries an...

5.3CVSS5.6AI score0.01043EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/04/06 8:57 a.m.84 views

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...

4.8CVSS0.5AI score0.00472EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 3:6 p.m.55 views

Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Intel Processors affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-21123 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomple...

6.5CVSS6.8AI score0.06451EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/03/27 8:15 p.m.19 views

Format string

An authenticated malicious user could acquire the simple mail transfer protocol SMTP Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials...

4CVSS6.3AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2023/03/27 12:43 p.m.32 views

CVE-2023-28858

A flaw was found in Redis redis-py. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker can obtain...

4.3CVSS5.4AI score0.01018EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/03/24 1:7 p.m.47 views

CVE-2023-0836

A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGIBEGINREQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...

7.5CVSS6.7AI score0.01201EPSS
Exploits0References4
OSV
OSV
added 2023/03/15 7:15 p.m.6 views

CVE-2023-22876

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...

6.5CVSS6.6AI score0.0054EPSS
Exploits0References2
NVD
NVD
added 2023/03/15 7:15 p.m.21 views

CVE-2023-22876

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...

6.5CVSS4.9AI score0.0054EPSS
Exploits0References2
Prion
Prion
added 2023/03/15 7:15 p.m.16 views

Design/Logic Flaw

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...

4CVSS5.9AI score0.0054EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/13 8:14 a.m.36 views

CVE-2023-0888 Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...

4.9CVSS7.3AI score0.00604EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.6 views

Microsoft Office Visio 安全漏洞

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. An information disclosure vulnerability exists in Microsoft Office Visio. An attacker can exploit this vulnerability to obtain sensitive...

7.1CVSS6.1AI score0.01793EPSS
Exploits0References4
OSV
OSV
added 2022/10/19 6:15 p.m.4 views

CVE-2022-1414

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

8.8CVSS5.8AI score0.00764EPSS
Exploits0References2
Prion
Prion
added 2022/10/19 6:15 p.m.24 views

Design/Logic Flaw

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...

6.5CVSS8.5AI score0.00764EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/08/16 7:15 p.m.25 views

CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

5.3CVSS0.00779EPSS
Exploits0References2
CNVD
CNVD
added 2022/08/16 12:0 a.m.21 views

Google Android Information Disclosure Vulnerability (CNVD-2022-85766)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that could be exploited by attackers to obtain WiFi SSID information and use it to launch further attacks on the affected system...

2.8CVSS3.2AI score0.00096EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.6 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that could be exploited by attackers to obtain WiFi SSID information and use it to launch further attacks on the affected system...

2.8CVSS6.1AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/29 12:0 a.m.3 views

CVE-2022-34162

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM...

6.1CVSS6.2AI score0.00708EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2022/07/19 3:15 p.m.15 views

CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system...

5.3CVSS0.00529EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/19 2:11 p.m.20 views

CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system...

5.5AI score0.00529EPSS
Exploits0References1
Rows per page
Query Builder