CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38420
https://notcve.org/view.php?id=CVE-2023-38420
16 May 2024 — Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-49614
https://notcve.org/view.php?id=CVE-2023-49614
16 May 2024 — Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html • CWE-787: Out-of-bounds Write •
CVSS: 2.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-45733 – intel-microcode: Race conditions in some Intel(R) Processors
https://notcve.org/view.php?id=CVE-2023-45733
16 May 2024 — Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. ... The hardware logic contains race conditions in some Intel(R) processors that may allow an authenticated user to enable partial information disclosure via local access. ... A local attacker could use this to obtain sensitive information via a transient execution attack. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1298: Hardware Logic Contains Race Conditions •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21792
https://notcve.org/view.php?id=CVE-2024-21792
16 May 2024 — Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-4322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4322
16 May 2024 — Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure. • https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20793 – Illustrator 2024 TIF file parsing Out Of Bound Read Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-20793
16 May 2024 — Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. • https://helpx.adobe.com/security/products/illustrator/apsb24-30.html • CWE-125: Out-of-bounds Read •
CVSS: 6.3EPSS: 0%CPEs: 25EXPL: 2CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — This lack of restriction permits arbitrary format strings with multiple specifiers, potentially leading to data leakage from the stack and memory corruption. • https://packetstorm.news/files/id/179645 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4357 – XML External Entity Processing Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4357
15 May 2024 — An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
15 May 2024 — This could lead to information disclosure and remote code execution. ... This could lead to information disclosure and remote code execution. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
15 May 2024 — This could lead to senstive information disclosure. ... This could lead to senstive information disclosure. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •