CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21792
https://notcve.org/view.php?id=CVE-2024-21792
16 May 2024 — Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-4322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4322
16 May 2024 — Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure. • https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20793 – Illustrator 2024 TIF file parsing Out Of Bound Read Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-20793
16 May 2024 — Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/illustrator/apsb24-30.html • CWE-125: Out-of-bounds Read •
CVSS: 6.3EPSS: 0%CPEs: 25EXPL: 2CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — This lack of restriction permits arbitrary format strings with multiple specifiers, potentially leading to data leakage from the stack and memory corruption. • https://packetstorm.news/files/id/179645 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4357 – XML External Entity Processing Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4357
15 May 2024 — An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
15 May 2024 — This could lead to information disclosure and remote code execution. ... This could lead to information disclosure and remote code execution. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
15 May 2024 — This could lead to senstive information disclosure. ... This could lead to senstive information disclosure. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3970 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3970
15 May 2024 — This could lead to senstive information disclosure by directory traversal. ... This could lead to senstive information disclosure by directory traversal. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5937 – Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0
https://notcve.org/view.php?id=CVE-2023-5937
15 May 2024 — This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. • https://security.nozominetworks.com/NN-2023:15-01 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34101 – ZDI-CAN-23614: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-34101
15 May 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-125: Out-of-bounds Read •