CVSS: 6.3 • EPSS: 0% • CPEs: 38 • EXPL: 0

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. ... A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cidv-XvyX2wLj

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. • https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5 • CWE-284: Improper Access Control

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. • https://github.com/expressjs/basic-auth-connect/commit/bac1e6a8530e1efd0028800b9b588a37adb0d203 • https://github.com/expressjs/basic-auth-connect/security/advisories/GHSA-7p89-p6hx-q4fw • CWE-208: Observable Timing Discrepancy

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r • https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41 • https://mantisbt.org/bugs/view.php?id=34640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: - • EXPL: 0

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to learn device state by observing network traffic. • https://github.com/Chapoly1305/tp-link-cve/blob/main/CVE-2024-35495.md • CWE-319: Cleartext Transmission of Sensitive Information