CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45738 – Sensitive information disclosure in REST_Calls logging channel
https://notcve.org/view.php?id=CVE-2024-45738
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1008 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49235 – WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49235
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. ... This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/live-support-tickets/wordpress-contact-forms-live-support-crm-video-messages-plugin-1-10-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9539
https://notcve.org/view.php?id=CVE-2024-9539
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5474
https://notcve.org/view.php?id=CVE-2024-5474
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. • https://support.lenovo.com/us/en/product_security/LEN-158394 • CWE-276: Incorrect Default Permissions •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8530 – Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-8530
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-306: Missing Authentication for Critical Function •