CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20462 – Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20462
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users. Una vulnerabilidad en la interfaz de administración basada en web del firmware del adaptador telefónico analógico multiplataforma Cisco ATA 190 Series podría permitir que un atacante local autenticado con privilegios bajos vea las contraseñas en un dispositivo afectado. Esta vulnerabilidad se debe a una desinfección incorrecta del contenido HTML de un dispositivo afectado. Una explotación exitosa podría permitir que el atacante vea las contraseñas que pertenecen a otros usuarios. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy • CWE-257: Storing Passwords in a Recoverable Format CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-38190 – Power Platform Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38190
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38190 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-38204 – Imagine Cup site Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38204
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38204 • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21273 – Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21273
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49284 – WordPress WP SendFox plugin <= 1.3.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49284
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. The WP SendFox plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •