CVE-2024-3574 – Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy
https://notcve.org/view.php?id=CVE-2024-3574
In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.
References: https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75 https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1593 – Path Traversal via Parameter Smuggling in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1593
Successful exploitation could lead to unauthorized information disclosure or server compromise.
References: https://huntr.com/bounties/dbdc6bd6-d09a-46f2-9d9c-5138a14b6e31
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23561 – HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-23561
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure due to insufficient obfuscation of sensitive values.
References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111926
CWE-922: Insecure Storage of Sensitive Information
CVE-2024-32036 – SixLabors.ImageSharp vulnerable to data leakage
https://notcve.org/view.php?id=CVE-2024-32036
A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.
References: https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68 https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
CWE-226: Sensitive Information in Resource Not Removed Before Reuse
CVE-2024-24898 – Information Leakage in kernel
https://notcve.org/view.php?id=CVE-2024-24898
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the openEuler kernel on Linux allows Resource Leak Exposure.
References: https://gitee.com/src-openeuler/kernel/pulls/1320 https://gitee.com/src-openeuler/kernel/pulls/1321 https://gitee.com/src-openeuler/kernel/pulls/1322 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1358
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor