CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 2

06 Dec 2024 — We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 (2024/08/19) and later. Qsync Central suffers from a symlink attack via an uploaded zip file that results in traversal and information disclosure. • https://packetstorm.news/files/id/188634 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Dec 2024 — Information Disclosure vulnerabilities allow access to application configuration information. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-15: External Control of System or Configuration Setting •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Dec 2024 — This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0355 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 9.9 • EPSS: 0% • CPEs: 3 • EXPL: 1

05 Dec 2024 — Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. • https://packetstorm.news/files/id/183078 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 3.1 • EPSS: 0% • CPEs: - • EXPL: 0

05 Dec 2024 — This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117908 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — This could lead to a local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-125: Out-of-bounds Read •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-125: Out-of-bounds Read •

CVSS: 3.7 • EPSS: 0% • CPEs: 5 • EXPL: 0

04 Dec 2024 — A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns being queried. Related to CVE-2024-38820: https://spring.io/security/cve-2024-38820 Una vulnerab... • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2024 — IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7177220 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •