CVE-2024-7408 – Information Disclosure Vulnerability in Airveda Air Quality Monitor
https://notcve.org/view.php?id=CVE-2024-7408
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-0113 – NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0113
A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •
CVE-2024-43230 – WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43230
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28. The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.28 via the export functionality and lack of protected directory. This makes it possible for unauthenticated attackers to extract sensitive data information from export files generated by the plugin. • https://patchstack.com/database/vulnerability/shared-files/wordpress-shared-files-premium-download-manager-secure-file-sharing-with-frontend-file-upload-plugin-1-7-28-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-43214 – WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability
https://notcve.org/view.php?id=CVE-2024-43214
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.7.2 via the get_issuer_data() function. • https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2024-38200 – Microsoft Office Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-38200
Microsoft Office Spoofing Vulnerability Microsoft Office 2019 MSO build 1808 (16.0.10411.20011) and Microsoft 365 MSO version 2403 build 16.0.17425.20176 suffer from an NTLMv2 hash disclosure vulnerability. • https://github.com/passtheticket/CVE-2024-38200 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •