CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-7885 – Undertow: improper state management in proxy protocol parsing causes information leakage
https://notcve.org/view.php?id=CVE-2024-7885
As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. ... This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. • https://access.redhat.com/security/cve/CVE-2024-7885 https://bugzilla.redhat.com/show_bug.cgi?id=2305290 https://access.redhat.com/errata/RHSA-2024:6508 https://access.redhat.com/errata/RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:7441 https://access.redhat.com/errata/RHSA-2024:7442 https://access.redhat.com/errata/RHSA-2024:7735 https://access.redhat.com/errata/RHSA-2024:7736 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-42006
https://notcve.org/view.php?id=CVE-2024-42006
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-34458
https://notcve.org/view.php?id=CVE-2024-34458
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-7925 – ZZCMS eginfo.php information disclosure
https://notcve.org/view.php?id=CVE-2024-7925
The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. ... Dank Manipulation des Arguments phome mit der Eingabe ShowPHPInfo mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md https://vuldb.com/?ctiid.275111 https://vuldb.com/?id.275111 https://vuldb.com/?submit.392121 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •