CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45787 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45787
11 Sep 2024 — This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40656
https://notcve.org/view.php?id=CVE-2024-40656
11 Sep 2024 — This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/services/Telecomm/+/f3e6a6c02439401eb7aeb3749ee5ec0b51a625b9 • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37397 – Ivanti Endpoint Manager ImportXml XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-37397
11 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7315 – Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-7315
11 Sep 2024 — The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups. The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.105. • https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-850ddc4fb589 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43475 – Microsoft Windows Admin Center Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43475
10 Sep 2024 — Microsoft Windows Admin Center Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43475 • CWE-126: Buffer Over-read •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43458 – Windows Networking Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43458
10 Sep 2024 — Windows Networking Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43458 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-38258 – Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38258
10 Sep 2024 — Windows Remote Desktop Licensing Service Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38258 • CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38257 – Microsoft AllJoyn API Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38257
10 Sep 2024 — Microsoft AllJoyn API Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38257 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43482 – Microsoft Outlook for iOS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43482
10 Sep 2024 — Microsoft Outlook for iOS Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43482 • CWE-285: Improper Authorization •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43474 – Microsoft SQL Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-43474
10 Sep 2024 — Microsoft SQL Server Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43474 • CWE-170: Improper Null Termination •