CVE-2024-7885 – Undertow: improper state management in proxy protocol parsing causes information leakage
https://notcve.org/view.php?id=CVE-2024-7885
As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. ... This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
• https://access.redhat.com/security/cve/CVE-2024-7885
• https://bugzilla.redhat.com/show_bug.cgi?id=2305290
• https://access.redhat.com/errata/RHSA-2024:6508
• https://access.redhat.com/errata/RHSA-2024:6883
• https://access.redhat.com/errata/RHSA-2024:7441
• https://access.redhat.com/errata/RHSA-2024:7442
• https://access.redhat.com/errata/RHSA-2024:7735
• https://access.redhat.com/errata/RHSA-2024:7736
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-42006
https://notcve.org/view.php?id=CVE-2024-42006
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.
• https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click
CVE-2024-6568 – Flamix: Bitrix24 and Contact Form 7 integrations <= 3.1.0 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6568
The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
• https://plugins.trac.wordpress.org/browser/flamix-bitrix24-and-contact-forms-7-integrations/trunk/includes/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3138051%40flamix-bitrix24-and-contact-forms-7-integrations&new=3138051%40flamix-bitrix24-and-contact-forms-7-integrations&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/da2050ea-70b3-476d-841f-021c3baddf35?source=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-34458
https://notcve.org/view.php?id=CVE-2024-34458
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.
• https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click
CVE-2024-7925 – ZZCMS eginfo.php information disclosure
https://notcve.org/view.php?id=CVE-2024-7925
The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. ... By manipulating the argument phome with the input ShowPHPInfo with unknown data, an information disclosure vulnerability can be exploited.
• https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md
• https://vuldb.com/?
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor