
CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 May 2024 — The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. ... An attacker can leverage this vulnerability to disclose information in the context of root. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 May 2024 — Opening a specially crafted project file may lead to information disclosure and/or a crash of the product. • https://jvn.jp/en/vu/JVNVU98274902 • CWE-125: Out-of-bounds Read

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 May 2024 — (Chrome security severity: High) Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 May 2024 — (Chrome security severity: High) Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 May 2024 — IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Apr 2024 — An information disclosure flaw was found in OpenShift's internal image registry operator. ... An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account. • https://access.redhat.com/errata/RHSA-2024:3881 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-6021 • CWE-862: Missing Authorization

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Apr 2024 — Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-5899 • CWE-862: Missing Authorization

CVSS: 6.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Apr 2024 — Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-256: Plaintext Storage of a Password

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2024 — FS-EZViewer(Web) exposes sensitive information in the service. ... With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents. • https://www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor