CVSS: 2.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-7038 – Information Disclosure in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7038
An information disclosure vulnerability exists in open-webui version 0.3.8. ... This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. • https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9470 – Cortex XSOAR: Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9470
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. • https://security.paloaltonetworks.com/CVE-2024-9470 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-43610 – Copilot Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43610
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43610 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47671 – USB: usbtmc: prevent kernel-usb-infoleak
https://notcve.org/view.php?id=CVE-2024-47671
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. • https://git.kernel.org/stable/c/4ddc645f40e90fa3bc7af3a3f3bd7d29e671a775 https://git.kernel.org/stable/c/fa652318887da530f2f9dbd9b0ea4a087d05ee12 https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7 https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08 https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5 https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd1 •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39586
https://notcve.org/view.php?id=CVE-2024-39586
An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •