CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20507 – Cisco Meeting Management Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20507
06 Nov 2024 — A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20457 – Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20457
06 Nov 2024 — A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. ... A successful exploit could allow the attacker to access sensitive information from the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 21EXPL: 0CVE-2024-20445 – Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20445
06 Nov 2024 — A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. ... A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing c... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10827 – Debian Security Advisory 5810-1
https://notcve.org/view.php?id=CVE-2024-10827
06 Nov 2024 — Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 5.15.16_p20241115 are affected. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10826 – Debian Security Advisory 5810-1
https://notcve.org/view.php?id=CVE-2024-10826
06 Nov 2024 — Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 5.15.16_p20241115 are affected. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 1CVE-2024-10916 – D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
https://notcve.org/view.php?id=CVE-2024-10916
06 Nov 2024 — The manipulation leads to information disclosure. ... Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-6861 – Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
https://notcve.org/view.php?id=CVE-2024-6861
06 Nov 2024 — A disclosure of sensitive information flaw was found in foreman via the GraphQL API. • https://access.redhat.com/errata/RHSA-2022:8506 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49773 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
https://notcve.org/view.php?id=CVE-2024-49773
05 Nov 2024 — Allows for Information disclosure, including personally identifiable information. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-5hr4-r43c-6qf7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50110 – xfrm: fix one more kernel-infoleak in algo dumping
https://notcve.org/view.php?id=CVE-2024-50110
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd... • https://git.kernel.org/stable/c/c7a5899eb26e2a4d516d53f65b6dd67be2228041 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-29116 – PHP Information Disclosure in Enel X JuiceBox
https://notcve.org/view.php?id=CVE-2023-29116
05 Nov 2024 — Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •