CVE-2024-41671 – twisted.web has disordered HTTP pipeline response
https://notcve.org/view.php?id=CVE-2024-41671
The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. • https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2024-7156 – TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure
https://notcve.org/view.php?id=CVE-2024-7156
The manipulation leads to information disclosure. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ... Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/ExportSettings.md https://vuldb.com/?ctiid.272570 https://vuldb.com/?id.272570 https://vuldb.com/?submit.377473 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38103 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38103
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38103 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2022-32759 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-32759
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 https://www.ibm.com/support/pages/node/7161446 • CWE-613: Insufficient Session Expiration •
CVE-2024-7057 – Improper Access Control in GitLab
https://notcve.org/view.php?id=CVE-2024-7057
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. • https://gitlab.com/gitlab-org/gitlab/-/issues/458501 https://hackerone.com/reports/2475135 • CWE-284: Improper Access Control •