CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-9466 – Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
https://notcve.org/view.php?id=CVE-2024-9466
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. • https://github.com/holypryx/CVE-2024-9466 https://security.paloaltonetworks.com/PAN-SA-2024-0010 https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-43610 – Copilot Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43610
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43610 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47671 – USB: usbtmc: prevent kernel-usb-infoleak
https://notcve.org/view.php?id=CVE-2024-47671
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. • https://git.kernel.org/stable/c/4ddc645f40e90fa3bc7af3a3f3bd7d29e671a775 https://git.kernel.org/stable/c/fa652318887da530f2f9dbd9b0ea4a087d05ee12 https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7 https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08 https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5 https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd1 •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39586
https://notcve.org/view.php?id=CVE-2024-39586
An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48024 – WordPress Keep Backup Daily plugin <=2.0.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-48024
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7. The Keep Backup Daily plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.8. • https://patchstack.com/database/vulnerability/keep-backup-daily/wordpress-keep-backup-daily-plugin-2-0-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •