CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-34391 – libxmljs attrs type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34391
This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs es afectada por una vulnerabilidad de confusión de tipos cuando se analiza un XML especialmente manipulado al invocar una función en el resultado de attrs() que se llamó en un nodo analizado. • https://github.com/libxmljs/libxmljs/issues/645 https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29010 – SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29010
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. ... An attacker can leverage this vulnerability to disclose information in the context of root. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31412
https://notcve.org/view.php?id=CVE-2024-31412
Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. • https://jvn.jp/en/vu/JVNVU98274902 https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-003_en.pdf • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38386 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2022-38386
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 https://www.ibm.com/support/pages/node/7149811 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26973 – fat: fix uninitialized field in nostale filehandles
https://notcve.org/view.php?id=CVE-2024-26973
This is not great at we potentially leak uninitialized information with the handle to userspace. • https://git.kernel.org/stable/c/ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63 https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6 https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375 https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3 •