CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21781
https://notcve.org/view.php?id=CVE-2024-21781
16 Sep 2024 — Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28170
https://notcve.org/view.php?id=CVE-2024-28170
16 Sep 2024 — Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html • CWE-284: Improper Access Control •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34545
https://notcve.org/view.php?id=CVE-2024-34545
16 Sep 2024 — Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-8775 – Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
https://notcve.org/view.php?id=CVE-2024-8775
14 Sep 2024 — A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. ... This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. • https://access.redhat.com/security/cve/CVE-2024-8775 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44096
https://notcve.org/view.php?id=CVE-2024-44096
13 Sep 2024 — This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-09-01 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6867 – Information Disclosure in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-6867
13 Sep 2024 — An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. ... The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run. • https://github.com/lunary-ai/lunary/commit/35afd4439464571eb016318cd7b6f85a162225ca • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43180 – IBM Concert information disclosure
https://notcve.org/view.php?id=CVE-2024-43180
13 Sep 2024 — IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6544 – Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6544
12 Sep 2024 — The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/custom-post-limits/trunk/tests/bootstrap.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3305 – Information Disclosure in Utarit Information's SoliClub
https://notcve.org/view.php?id=CVE-2024-3305
12 Sep 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. • https://www.usom.gov.tr/bildirim/tr-24-1457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38222 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38222
12 Sep 2024 — Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38222 • CWE-276: Incorrect Default Permissions •