CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10397 – Debian Security Advisory 5842-1
https://notcve.org/view.php?id=CVE-2024-10397
14 Nov 2024 — Several vulnerabilities were discovered in OpenAFS, an implementation of the AFS distributed filesystem, which may result in theft of credentials in Unix client PAGs (CVE-2024-10394), fileserver crashes and information leak on StoreACL/FetchACL (CVE-2024-10396) or buffer overflows in XDR responses resulting in denial of service and potentially code execution (CVE-2024-10397). • https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10396 – An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash
https://notcve.org/view.php?id=CVE-2024-10396
14 Nov 2024 — Several vulnerabilities were discovered in OpenAFS, an implementation of the AFS distributed filesystem, which may result in theft of credentials in Unix client PAGs (CVE-2024-10394), fileserver crashes and information leak on StoreACL/FetchACL (CVE-2024-10396) or buffer overflows in XDR responses resulting in denial of service and potentially code execution (CVE-2024-10397). • https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10394 – A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client
https://notcve.org/view.php?id=CVE-2024-10394
14 Nov 2024 — Several vulnerabilities were discovered in OpenAFS, an implementation of the AFS distributed filesystem, which may result in theft of credentials in Unix client PAGs (CVE-2024-10394), fileserver crashes and information leak on StoreACL/FetchACL (CVE-2024-10396) or buffer overflows in XDR responses resulting in denial of service and potentially code execution (CVE-2024-10397). • https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3502 – Exposure of Sensitive Information in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-3502
14 Nov 2024 — In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. ... The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3501 – Exposure of Sensitive Information in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-3501
14 Nov 2024 — In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-1682 – Unclaimed S3 Bucket Reference in psf/requests Documentation
https://notcve.org/view.php?id=CVE-2024-1682
14 Nov 2024 — The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks. • https://github.com/psf/requests/commit/6106a63eb6c0fa490efa73d44388ac25b1b08af4 • CWE-840: Business Logic Errors •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45642 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2024-45642
14 Nov 2024 — This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7172212 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-41206
https://notcve.org/view.php?id=CVE-2024-41206
14 Nov 2024 — A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file. • https://github.com/justdan96/tsMuxer/issues/859 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-49777
https://notcve.org/view.php?id=CVE-2024-49777
14 Nov 2024 — A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file. • https://github.com/justdan96/tsMuxer/issues/842 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-31074
https://notcve.org/view.php?id=CVE-2024-31074
13 Nov 2024 — Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01177.html • CWE-208: Observable Timing Discrepancy •