CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53768 – WordPress Content Audit Exporter plugin <= 1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-53768
28 Nov 2024 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in IDE Interactive Content Audit Exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through 1.1. The Content Audit Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. • https://patchstack.com/database/wordpress/plugin/content-audit-exporter/vulnerability/wordpress-content-audit-exporter-plugin-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13321
https://notcve.org/view.php?id=CVE-2017-13321
27 Nov 2024 — This could lead to local information disclosure with no additional execution privileges needed. ... This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-05-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13319
https://notcve.org/view.php?id=CVE-2017-13319
27 Nov 2024 — This could lead to remote information disclosure of global static variables with no additional execution privileges needed. ... This could lead to remote information disclosure of global static variables with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-05-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52323 – Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-52323
27 Nov 2024 — Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. ... Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. • https://www.manageengine.com/analytics-plus/CVE-2024-52323.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53675 – Hewlett Packard Enterprise Insight Remote Support validateAgainstXSD XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-53675
26 Nov 2024 — An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53674 – Hewlett Packard Enterprise Insight Remote Support getDocumentRootElement XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-53674
26 Nov 2024 — An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11622 – Hewlett Packard Enterprise Insight Remote Support setInputStream XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-11622
26 Nov 2024 — An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10240 – Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
https://notcve.org/view.php?id=CVE-2024-10240
26 Nov 2024 — An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances. • https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-18307 – Information Exposure in Kernel
https://notcve.org/view.php?id=CVE-2017-18307
26 Nov 2024 — Information disclosure possible while audio playback. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-18306 – Information Exposure in Camera Driver
https://notcve.org/view.php?id=CVE-2017-18306
26 Nov 2024 — Information disclosure due to uninitialized variable. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •