CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21273 – Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21273
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49284 – WordPress WP SendFox plugin <= 1.3.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49284
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-9710 – PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9710
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. • https://github.com/PostHog/posthog/pull/25388 https://www.zerodayinitiative.com/advisories/ZDI-24-1383 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45739 – Sensitive information disclosure in AdminManager logging channel
https://notcve.org/view.php?id=CVE-2024-45739
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1009 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45738 – Sensitive information disclosure in REST_Calls logging channel
https://notcve.org/view.php?id=CVE-2024-45738
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1008 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •