283 matches found
CVE-2020-3158
A vulnerability in the High Availability HA service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password...
Design/Logic Flaw
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...
CVE-2019-0074
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine NG-RE allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX...
Design/Logic Flaw
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
Malicious Package
Overview All versions of maleficent contain malicious code. The package is a demonstration of possible risks when installing npm packages. It gathers system information such as: environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. The package...
CVE-2019-1868 Cisco Webex Meetings Server Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could...
CVE-2019-1868 Cisco Webex Meetings Server Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could...
Cisco Webex Meetings Server Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could...
CVE-2019-1692
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...
CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter...
Information disclosure
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter...
Information disclosure
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...
Information disclosure
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsmpath parameter...
CVE-2018-13297
The vulnerability CVE-2018-13297 affects Synology Drive’s SYNO.SynologyDrive.Files component. Versions prior to 1.1.2-10562 allow remote attackers to obtain sensitive system information via the dsm_path parameter, enabling an information-disclosure impact (partial confidentiality) without requiri...
CVE-2018-13294
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter...
CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...
CVE-2019-1762
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...
Cisco IOS and IOS XE Software Information Disclosure Vulnerability
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...