CVE-2024-20093
https://notcve.org/view.php?id=CVE-2024-20093
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-125: Out-of-bounds Read
CVE-2024-20091
https://notcve.org/view.php?id=CVE-2024-20091
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-125: Out-of-bounds Read
CVE-2024-45293 – XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
https://notcve.org/view.php?id=CVE-2024-45293
On servers that allow users to upload their own Excel (XLSX) sheets, server files and sensitive information can be disclosed by providing a crafted sheet. ... Sensitive information disclosure through the XXE on sites that allow users to upload their own Excel spreadsheets and parse them using PHPSpreadsheet's Excel parser. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-6hwr-6v2f-3m88 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2024-47910
https://notcve.org/view.php?id=CVE-2024-47910
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. • https://community.sonarsource.com/t/sonarqube-github-integration-information-leakage/126609 https://sonarsource.atlassian.net/browse/SONAR-21795 https://sonarsource.atlassian.net/browse/SONAR-21813 • CWE-284: Improper Access Control
CVE-2024-47136
https://notcve.org/view.php?id=CVE-2024-47136
If a user opens a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier, it may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-125: Out-of-bounds Read