CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6747 – Information leak in mknotifyd
https://notcve.org/view.php?id=CVE-2024-6747
10 Oct 2024 — Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data La fuga de información en mknotifyd en Checkmk anterior a 2.3.0p18, 2.2.0p36, 2.1.0p49 y en 2.0.0p39 (EOL) permite a un atacante obtener datos potencialmente confidenciales • https://checkmk.com/werk/17145 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30118 – HCL Connections is susceptible to a sensitive information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-30118
09 Oct 2024 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114302 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38815
https://notcve.org/view.php?id=CVE-2024-38815
09 Oct 2024 — An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7038 – Information Disclosure in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7038
09 Oct 2024 — An information disclosure vulnerability exists in open-webui version 0.3.8. ... This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. • https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9470 – Cortex XSOAR: Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9470
09 Oct 2024 — A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. • https://security.paloaltonetworks.com/CVE-2024-9470 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43610 – Copilot Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43610
09 Oct 2024 — Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43610 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47671 – USB: usbtmc: prevent kernel-usb-infoleak
https://notcve.org/view.php?id=CVE-2024-47671
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. • https://git.kernel.org/stable/c/4ddc645f40e90fa3bc7af3a3f3bd7d29e671a775 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39586
https://notcve.org/view.php?id=CVE-2024-39586
09 Oct 2024 — An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48024 – WordPress Keep Backup Daily plugin <=2.0.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-48024
09 Oct 2024 — : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7. The Keep Backup Daily plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.8. • https://patchstack.com/database/vulnerability/keep-backup-daily/wordpress-keep-backup-daily-plugin-2-0-7-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 2.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-27457
https://notcve.org/view.php?id=CVE-2024-27457
08 Oct 2024 — Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01099.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •