CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-7885 – Undertow: improper state management in proxy protocol parsing causes information leakage
https://notcve.org/view.php?id=CVE-2024-7885
As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. ... This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. • https://access.redhat.com/security/cve/CVE-2024-7885 https://bugzilla.redhat.com/show_bug.cgi?id=2305290 https://access.redhat.com/errata/RHSA-2024:6508 https://access.redhat.com/errata/RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:7441 https://access.redhat.com/errata/RHSA-2024:7442 https://access.redhat.com/errata/RHSA-2024:7735 https://access.redhat.com/errata/RHSA-2024:7736 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-42006
https://notcve.org/view.php?id=CVE-2024-42006
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-34458
https://notcve.org/view.php?id=CVE-2024-34458
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. • https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-7925 – ZZCMS eginfo.php information disclosure
https://notcve.org/view.php?id=CVE-2024-7925
The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. ... Dank Manipulation des Arguments phome mit der Eingabe ShowPHPInfo mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md https://vuldb.com/? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47728 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2023-47728
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7161427 https://exchange.xforce.ibmcloud.com/vulnerabilities/272201 • CWE-209: Generation of Error Message Containing Sensitive Information •