CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34382 – WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34382
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en RoboSoft Robo Gallery. Este problema afecta a Robo Gallery: desde n/a hasta 3.2.18. The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-18-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34383 – WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34383
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en The SEO Guys en SEOPress SEOPress. Este problema afecta a SEOPress: desde n/a hasta 7.6.1. The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wp-seopress/wordpress-seopress-plugin-7-6-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30302 – ZDI-CAN-23077: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30302
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-34393 – libxmljs2 attrs type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34393
This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs2 es afectada por una vulnerabilidad de confusión de tipos cuando se analiza un XML especialmente manipulado al invocar una función en el resultado de attrs() que se llamó en un nodo analizado. • https://github.com/marudor/libxmljs2/issues/204 https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097 •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-34391 – libxmljs attrs type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34391
This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs es afectada por una vulnerabilidad de confusión de tipos cuando se analiza un XML especialmente manipulado al invocar una función en el resultado de attrs() que se llamó en un nodo analizado. • https://github.com/libxmljs/libxmljs/issues/645 https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •