CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-46468
https://notcve.org/view.php?id=CVE-2024-46468
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. • https://gist.github.com/ilikeoyt/b396bbb9ef858105c46e999630e7afbe https://github.com/JPressProjects/jpress/issues/190 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9754 – Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9754
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9758 – Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9758
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9760 – Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9760
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6747 – Information leak in mknotifyd
https://notcve.org/view.php?id=CVE-2024-6747
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data La fuga de información en mknotifyd en Checkmk anterior a 2.3.0p18, 2.2.0p36, 2.1.0p49 y en 2.0.0p39 (EOL) permite a un atacante obtener datos potencialmente confidenciales • https://checkmk.com/werk/17145 • CWE-201: Insertion of Sensitive Information Into Sent Data •