Information Disclosure
Information Disclosure vulnerabilities expose sensitive data to unauthorized parties. This can include credentials, configuration details, personal information, or system internals.
65
MEDIUM
Data Exposure
Understanding Information Disclosure
Detailed information about this vulnerability type.
How to Identify
- Review security advisories
- Perform regular security testing
Prevention Best Practices
- Follow security best practices
- Keep systems updated
Information Disclosure CVEs (65)
| CVE | Score | Description | Vendor / Product | Exploit Status | Date |
|---|---|---|---|---|---|
| CVE-2017-20217 | 8.7 | This vulnerability allows attackers to access sensitive configuration information from the Serviio PRO software without needing to log in. It occurs because the system does not properly restrict access to its API, meaning anyone can send specific requests to get this data. | Unknown | Exploit Available | Mar 16, 2026 |
| CVE-2026-24097 | 5.3 | This vulnerability allows an attacker who is already logged into Checkmk to find out details about existing hosts by looking at different responses from the system. It occurs because the system doesn't properly check permissions, making it easier for these users to access sensitive information. | checkmk / checkmk | Exploit Available | Mar 13, 2026 |
| CVE-2026-22203 | 6.9 | This vulnerability allows attackers to access sensitive API secrets, such as social login credentials, if administrators accidentally export plugin settings as JSON files. This can happen through support tickets, backups, or version control systems, making it crucial for administrators to handle these exports carefully. | gvectors / wpdiscuz | Exploit Available | Mar 13, 2026 |
| CVE-2026-1668 | 7.7 | This vulnerability allows an attacker to execute commands remotely or crash the affected switches by sending specially crafted requests over the network. An attacker needs to have network access to the web interface and does not need to be authenticated to exploit this flaw. | Unknown | Exploit Available | Mar 13, 2026 |
| CVE-2026-0957 | 8.5 | An attacker can potentially run harmful code on a user's system or access sensitive information by tricking them into opening a specially crafted file in Digilent DASYLab. This vulnerability affects all versions of the software, so any user could be at risk if they open a malicious file. | ni / dasylab | Exploit Available | Mar 13, 2026 |
| CVE-2026-0956 | 8.5 | An attacker can potentially run harmful code on a user's system or access sensitive information by tricking them into opening a specially crafted file in Digilent DASYLab. This vulnerability affects all versions of the software and requires the user to open the malicious file for the attack to succeed. | ni / dasylab | Exploit Available | Mar 13, 2026 |
| CVE-2026-0955 | 8.5 | An attacker can potentially execute harmful code or access sensitive information by tricking a user into opening a specially crafted file in Digilent DASYLab. This vulnerability affects all versions of the software, and it requires the user to open the malicious file for the attack to succeed. | ni / dasylab | Exploit Available | Mar 13, 2026 |
| CVE-2026-0954 | 8.5 | An attacker can execute malicious code on a user's system by tricking them into opening a specially crafted DSB file in Digilent DASYLab. This vulnerability affects all versions of the software and requires the user to open the corrupted file for the attack to succeed. | ni / dasylab | Exploit Available | Mar 13, 2026 |
| CVE-2026-2366 | 3.1 | This vulnerability allows an attacker to see the organization memberships of other users, even if they don't have admin rights, as long as they know the victim's unique identifier and the Organizations feature is turned on. This means that any authenticated user could potentially gather sensitive information about others within the system. | Unknown | Exploit Available | Mar 12, 2026 |
| CVE-2025-69534 | 0.0 | An attacker can crash applications that use Python-Markdown by sending specially crafted Markdown content, which causes the program to fail without handling the error. This vulnerability affects any system that processes untrusted Markdown, such as web applications or documentation tools, and can lead to service outages. | Unknown | Exploit Available | Mar 5, 2026 |
| CVE-2026-21786 | 3.3 | This vulnerability allows an attacker to access sensitive information, such as hostnames, that is unintentionally stored in the application logs and certain URLs of HCL Sametime for iOS. To exploit this, the attacker would need to gain access to these logs, which could happen if the device or application is not properly secured. | hcltech / sametime | Theoretical | Mar 5, 2026 |
| CVE-2025-40895 | 2.0 | This vulnerability allows a malicious user with admin access to a connected Guardian to inject harmful HTML into the CMC's Sensor Map feature, which could trick other users into clicking on phishing links. However, this can only happen if the Sensor Map is enabled, and the attack is limited because existing security measures prevent more serious exploits like full account takeover or data theft. | nozominetworks / cmc | Exploit Available | Mar 4, 2026 |
| CVE-2025-40894 | 2.1 | This vulnerability allows a malicious user with the right permissions to inject harmful HTML into a node label, which could then be displayed to other users in the Alerted Nodes Dashboard. While the risk of full exploitation is limited by existing security measures, it could still lead to phishing attempts or redirecting users to malicious sites if they interact with the affected alerts. | nozominetworks / cmc | Exploit Available | Mar 4, 2026 |
| CVE-2026-22270 | 6.7 | This vulnerability allows a high-privileged attacker with local access to the Dell PowerScale OneFS system to potentially disrupt services, gain higher access rights, or access sensitive information. It affects specific versions of the software, so users running outdated versions are at risk. | dell / powerscale onefs | Exploit Available | Mar 4, 2026 |
| CVE-2026-21426 | 6.7 | This vulnerability allows a high-privileged attacker with local access to the Dell PowerScale OneFS system to potentially cause a denial of service, gain higher privileges, or access sensitive information. It affects specific versions of the software, so systems running outdated versions are at risk. | dell / powerscale onefs | Theoretical | Mar 4, 2026 |
| CVE-2026-21423 | 6.7 | An attacker with high privileges and local access to Dell PowerScale OneFS could exploit a flaw in default permissions to run malicious code, crash the system, gain higher access rights, or steal sensitive information. This vulnerability affects specific versions of the software, so it’s crucial to ensure you’re running an updated version to mitigate the risk. | dell / powerscale onefs | Exploit Available | Mar 4, 2026 |
| CVE-2026-20435 | 4.6 | This vulnerability allows an attacker with physical access to a device to read unique identifiers that could reveal sensitive information about the device. No special permissions or user actions are needed to exploit this flaw, making it a significant risk for devices that may be left unattended. | linuxfoundation / yocto | Exploit Available | Mar 2, 2026 |
| CVE-2026-20429 | 4.4 | This vulnerability allows an attacker with system privileges on an Android device to read sensitive information from memory without permission. The attacker does not need any user interaction to exploit this flaw, making it a serious risk for devices that have already been compromised. | google / android | Exploit Available | Mar 2, 2026 |
| CVE-2026-20424 | 4.4 | This vulnerability allows an attacker with system privileges on an Android device to read sensitive information from memory without proper checks, potentially exposing private data. The attacker does not need any user interaction to exploit this flaw, making it a significant risk if they have already gained access to the system. | google / android | Exploit Available | Mar 2, 2026 |
| CVE-2026-28559 | 6.9 | This vulnerability allows attackers to access private and unapproved forum topics by exploiting the RSS feed feature, even if they are not logged in. It occurs when they request the feed without specifying a forum ID, which skips important privacy checks meant to protect that information. | gvectors / wpforo forum | Theoretical | Feb 28, 2026 |