
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Apr 2024 — An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88currentsetting.htm%EF%BC%89.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 | EPSS: 0% | CPEs: - | EXPL: 0

03 Apr 2024 — An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88BRS_top.html%EF%BC%89.md •

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Apr 2024 — In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. • https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0 • CWE-121: Stack-based Buffer Overflow •

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Apr 2024 — An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88debuginfo.htm%EF%BC%89.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1 | EPSS: 0% | CPEs: - | EXPL: 0

02 Apr 2024 — A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2024-0008.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

02 Apr 2024 — IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274812 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

02 Apr 2024 — An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456 • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write •

CVSS: 7.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

02 Apr 2024 — An Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51455 • CWE-129: Improper Validation of Array Index •

CVSS: 6.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

02 Apr 2024 — An Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454 • CWE-787: Out-of-bounds Write •

CVSS: 5.3 | EPSS: 0% | CPEs: 6 | EXPL: 1

02 Apr 2024 — The manipulation leads to information disclosure. ... NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user. ** DISPUTED ** A vulnerability classified as problematic has been found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. ... Through manipulation with unknown data, an information disclosure vulnerab... • https://github.com/netsecfish/intelbras_cap_js • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •