CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-21685
https://notcve.org/view.php?id=CVE-2024-21685
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. ... You can download the latest version of Jira Core Data Center from the download center. ... Atlassian recomienda que los clientes de Jira Core Data Center actualicen a la última versión; si no pueden hacerlo, actualicen su instancia a una de las versiones fijas admitidas especificadas: Jira Core Data Center 9.4: actualice a una versión superior o igual a 9.4. 21 Jira Core Data Center 9.12: actualice a una versión superior o igual a 9.12.8 Jira Core Data Center 9.16: actualice a una versión superior o igual a 9.16.0 Consulte las notas de la versión. Puede descargar la última versión de Jira Core Data Center desde el centro de descargas. • https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211 https://jira.atlassian.com/browse/JRASERVER-77713 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37305 – Buffer overflow in deserialization in oqs-provider
https://notcve.org/view.php?id=CVE-2024-37305
Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. • https://github.com/open-quantum-safe/oqs-provider/pull/416 https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37896 – SQL injection vulnerability in Gin-vue-admin
https://notcve.org/view.php?id=CVE-2024-37896
The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. ... This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. • https://github.com/flipped-aurora/gin-vue-admin/commit/53d03382188868464ade489ab0713b54392d227f https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gf3r-h744-mqgp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-31870 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31870
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. IBM Db2 para i 7.2, 7.3, 7.4 y 7.5 proporciona una función de tabla definida por el usuario que es vulnerable a la enumeración de usuarios por parte de un atacante local autenticado, sin tener autoridad sobre los objetos *USRPRF relacionados. Esto puede ser utilizado por un actor malintencionado para recopilar información sobre los usuarios que pueden ser objeto de futuros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287174 https://www.ibm.com/support/pages/node/7157638 • CWE-204: Observable Response Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-0084
https://notcve.org/view.php?id=CVE-2024-0084
A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-250: Execution with Unnecessary Privileges •