CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25125 – Absolute path traversal vulnerability in digdag server
https://notcve.org/view.php?id=CVE-2024-25125
14 Feb 2024 — This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. • https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25923 – WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-25923
14 Feb 2024 — Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0. ... The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.7.0. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-7-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24699 – Zoom Clients - Business Logic Error
https://notcve.org/view.php?id=CVE-2024-24699
13 Feb 2024 — Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/ZSB-24006 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24698 – Zoom Clients - Improper Authentication
https://notcve.org/view.php?id=CVE-2024-24698
13 Feb 2024 — Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. • https://www.zoom.com/en/trust/security-bulletin/ZSB-24005 • CWE-287: Improper Authentication CWE-449: The UI Performs the Wrong Action •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24696 – Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
https://notcve.org/view.php?id=CVE-2024-24696
13 Feb 2024 — Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. • https://www.zoom.com/en/trust/security-bulletin/ZSB-24003 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24695 – Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
https://notcve.org/view.php?id=CVE-2024-24695
13 Feb 2024 — Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. • https://www.zoom.com/en/trust/security-bulletin/ZSB-24002 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25118 – Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
https://notcve.org/view.php?id=CVE-2024-25118
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. • https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25119 – Information Disclosure of Encryption Key in TYPO3 Install Tool
https://notcve.org/view.php?id=CVE-2024-25119
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to upda... • https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21380 – Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21380
13 Feb 2024 — Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Dynamics Business Central/NAV • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-21377 – Windows DNS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21377
13 Feb 2024 — Windows DNS Information Disclosure Vulnerability Vulnerabilidad de divulgación de información DNS de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21377 • CWE-197: Numeric Truncation Error •