CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47597 – inet_diag: fix kernel-infoleak for UDP sockets
https://notcve.org/view.php?id=CVE-2021-47597
19 Jun 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670 instrument_copy_to_user include/linux/instrumented.h:121 [inline] copyout lib/iov_iter.c:156 [inline] _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670 copy_to_iter include/linux/uio.h:155 [inline] simple_copy_to_iter+0xf3/0x140 ... • https://git.kernel.org/stable/c/3c4d05c8056724aff3abc20650807dd828fded54 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5059 – WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-5059
19 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0. ... The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3. • https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-4-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21685
https://notcve.org/view.php?id=CVE-2024-21685
18 Jun 2024 — This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. • https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37896 – SQL injection vulnerability in Gin-vue-admin
https://notcve.org/view.php?id=CVE-2024-37896
17 Jun 2024 — This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. • https://github.com/flipped-aurora/gin-vue-admin/commit/53d03382188868464ade489ab0713b54392d227f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31870 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31870
15 Jun 2024 — This can be used by a malicious actor to gather information about users that can be targeted in further attacks. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287174 • CWE-204: Observable Response Discrepancy •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21988 – CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21988
14 Jun 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. • https://security.netapp.com/advisory/ntap-20240614-0010 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0084
https://notcve.org/view.php?id=CVE-2024-0084
13 Jun 2024 — A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0099
https://notcve.org/view.php?id=CVE-2024-0099
13 Jun 2024 — A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0093
https://notcve.org/view.php?id=CVE-2024-0093
13 Jun 2024 — NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-0091
https://notcve.org/view.php?id=CVE-2024-0091
13 Jun 2024 — A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-822: Untrusted Pointer Dereference •