CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-8775 – Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
https://notcve.org/view.php?id=CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. ... This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. • https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44096
https://notcve.org/view.php?id=CVE-2024-44096
This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-09-01 • CWE-453: Insecure Default Variable Initialization •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-6867 – Information Disclosure in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-6867
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. ... The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run. • https://github.com/lunary-ai/lunary/commit/35afd4439464571eb016318cd7b6f85a162225ca https://huntr.com/bounties/460df515-164c-4435-954b-0233a181545f • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43180 – IBM Concert information disclosure
https://notcve.org/view.php?id=CVE-2024-43180
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 https://www.ibm.com/support/pages/node/7168234 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6544 – Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6544
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/custom-post-limits/trunk/tests/bootstrap.php https://www.wordfence.com/threat-intel/vulnerabilities/id/9cf4a11e-ad28-4a93-9278-1d2d113a4859?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •