
CVSS: 8.1 | EPSS: 0% | CPEs: - | EXPL: 0

This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs is affected by a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. • https://github.com/libxmljs/libxmljs/issues/645 https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions. This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ECMPolicyRequest class. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0

Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. • https://jvn.jp/en/vu/JVNVU98274902 https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf • CWE-125: Out-of-bounds Read •

CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 https://www.ibm.com/support/pages/node/7149811 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •

CVSS: 6.8 | EPSS: 0% | CPEs: - | EXPL: 0

An information disclosure flaw was found in OpenShift's internal image registry operator. • https://access.redhat.com/errata/RHSA-2024:3881 https://access.redhat.com/errata/RHSA-2024:3889 https://access.redhat.com/security/cve/CVE-2024-4369 https://bugzilla.redhat.com/show_bug.cgi?id=2278035 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •