CVE-2018-9410

In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-9340

In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure...

CVE-2024-45767

Dell OpenManage Enterprise (OME) before 4.2.0 contains an SQL injection vulnerability due to improper neutralization of special elements in SQL commands. A low-privilege, remote attacker could cause information disclosure. Publicly documented in CVE-2024-45767 and corroborated by NVD/CVEC/Vuln en...

CVE-2024-35155 IBM MQ information disclosure

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765...

CVE-2024-32897

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

CVE-2024-32904

In ProtocolVsimOperationAdapter of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation...

CVE-2024-32898

In ProtocolCellIdentityParserV4::Parse of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation...

RHEL 5 : transfig (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

CVE-2024-31636

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machdreader.c component...

CVE-2023-42934

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information...

CVE-2023-49862

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLgifimage parameter...

CVE-2023-50271 HP-UX System Management Homepage, Disclosure of Information

A potential security vulnerability has been identified with HP-UX System Management Homepage SMH. This vulnerability could be exploited locally or remotely to disclose information...

Rockwell Automation Stratix 5900 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-6415)

A vulnerability in Internet Key Exchange version 1 IKEv1 packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is d...

CVE-2023-21317

In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

Moodle 4.2.2 Information Disclosure Vulnerability (MSA-23-0034)

Moodle is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...

CVE-2023-35652

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

CVE-2023-35652

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

CVE-2023-40642

In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Information Disclosure

gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles invited group members. An attacker can exploit this vulnerability to gain access to a project even if they have not been invited to the project. This can be used to gain access t...

Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

Description The plugin does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. 1. Create a new Post as a Contributor user. 2. Add the "Simple Author Box" block. 3. Intercept the request t...