CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38372 – Undici vulnerable to data leak when using response.arrayBuffer()
https://notcve.org/view.php?id=CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2. Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Dependiendo de las condiciones de la red y del proceso de una solicitud `fetch()`, `response.arrayBuffer()` podría incluir parte de la memoria del proceso Node.js. • https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 https://github.com/nodejs/undici/issues/3328 https://github.com/nodejs/undici/issues/3337 https://github.com/nodejs/undici/pull/3338 https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23562 – HCL Domino is susceptible to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23562
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-4341 – Information Disclosure in ExtremePacs's Extreme XDS
https://notcve.org/view.php?id=CVE-2024-4341
Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. • https://www.usom.gov.tr/bildirim/tr-24-0893 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3228 – Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3228
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/896a038f-fe54-4120-842e-093ef236a898?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39691 – Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
https://notcve.org/view.php?id=CVE-2024-39691
As a workaround, it's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. • https://github.com/matrix-org/matrix-appservice-irc/blob/d5d67d1d3ea3f0f6962a0af2cc57b56af3ad2129/config.sample.yaml#L601-L604 https://github.com/matrix-org/matrix-appservice-irc/commit/1835e047f269001054be4c68867797aa12372a0f https://github.com/matrix-org/matrix-appservice-irc/pull/1804 https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-w9mh-5x8j-9754 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •