CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5307 – Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5307
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-24-552 • CWE-125: Out-of-bounds Read •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36033 – Bluetooth: qca: fix info leak when fetching board id
https://notcve.org/view.php?id=CVE-2024-36033
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware. • https://git.kernel.org/stable/c/a7f8dedb4be2cc930a29af24427b885405ecd15d https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7 https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197 https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209 •
CVSS: 2.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36032 – Bluetooth: qca: fix info leak when fetching fw build id
https://notcve.org/view.php?id=CVE-2024-36032
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. • https://git.kernel.org/stable/c/c0187b0bd3e94c48050687d87b2c3c9fbae98ae9 https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488 https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1 https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 •
CVSS: 4.0EPSS: 0%CPEs: -EXPL: 0CVE-2022-43841 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43841
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078. IBM Aspera Console 3.4.0 a 3.4.2 PL9 permite almacenar páginas web localmente que otro usuario del sistema puede leer. ID de IBM X-Force: 239078. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239078 https://www.ibm.com/support/pages/node/7155202 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4205 – Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4205
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve Elementor template data. El complemento Premium Addons for Elementor para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función get_template_content() en todas las versiones hasta la 4.10.31 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen datos de la plantilla de Elementor. • https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.28/includes/addons-integration.php#L1408 https://plugins.trac.wordpress.org/changeset/3090037/premium-addons-for-elementor/trunk/includes/addons-integration.php https://www.wordfence.com/threat-intel/vulnerabilities/id/175cb977-dcba-429f-814c-6de078e23472?source=cve • CWE-862: Missing Authorization •