CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1287 – Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure and SQLi
https://notcve.org/view.php?id=CVE-2024-1287
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes. The Paid Memberships Pro - Member Directory Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 1.2.6 (exclusive) through the 'pmpro_member_directory' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data, including password hashes. • https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c • CWE-202: Exposure of Sensitive Information Through Data Queries CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-27362
https://notcve.org/view.php?id=CVE-2024-27362
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure. • https://semiconductor.samsung.com/support/quality-support/product-security-updates https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27362 •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38372 – Undici vulnerable to data leak when using response.arrayBuffer()
https://notcve.org/view.php?id=CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2. Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Dependiendo de las condiciones de la red y del proceso de una solicitud `fetch()`, `response.arrayBuffer()` podría incluir parte de la memoria del proceso Node.js. • https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36 https://github.com/nodejs/undici/issues/3328 https://github.com/nodejs/undici/issues/3337 https://github.com/nodejs/undici/pull/3338 https://github.com/nodejs/undici/security/advisories/GHSA-3g92-w8c5-73pq • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23562 – HCL Domino is susceptible to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-23562
This vulnerability is being re-assessed. Vulnerability details will be updated. The security bulletin will be republished when further details are available. Una vulnerabilidad de seguridad en HCL Domino podría permitir la divulgación de información de configuración confidencial. Un atacante remoto no autenticado podría aprovechar esta vulnerabilidad para obtener información y lanzar más ataques contra el sistema afectado. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113822 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-4341 – Information Disclosure in ExtremePacs's Extreme XDS
https://notcve.org/view.php?id=CVE-2024-4341
Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. • https://www.usom.gov.tr/bildirim/tr-24-0893 • CWE-269: Improper Privilege Management •