CVE-2024-38372 – Undici vulnerable to data leak when using response.arrayBuffer()
https://notcve.org/view.php?id=CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2. Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Dependiendo de las condiciones de la red y del proceso de una solicitud `fetch()`, `response.arrayBuffer()` podría incluir parte de la memoria del proceso Node.js. • https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 https://github.com/nodejs/undici/issues/3328 https://github.com/nodejs/undici/issues/3337 https://github.com/nodejs/undici/pull/3338 https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2024-23562 – HCL Domino is susceptible to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23562
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-4341 – Information Disclosure in ExtremePacs's Extreme XDS
https://notcve.org/view.php?id=CVE-2024-4341
Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. • https://www.usom.gov.tr/bildirim/tr-24-0893 • CWE-269: Improper Privilege Management •
CVE-2024-3228 – Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3228
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/896a038f-fe54-4120-842e-093ef236a898?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-39182
https://notcve.org/view.php?id=CVE-2024-39182
An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779). • https://ispmanager.com/changelog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •