CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2024-20440 – Cisco Smart Licensing Utility Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-44820
https://notcve.org/view.php?id=CVE-2024-44820
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. • https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-44820%20ZZCMS2023%20phpinfo%E6%B3%84%E9%9C%B2.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-45588 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45588
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2024-44947 – fuse: Initialize beyond-EOF page contents before setting uptodate
https://notcve.org/view.php?id=CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). • https://github.com/Abdurahmon3236/CVE-2024-44947 https://git.kernel.org/stable/c/a1d75f258230b75d46aecdf28b2e732413028863 https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6 https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9 https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4 https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6 https:&#x • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 8.2EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23359 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •