CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the APIs for importing JSON and importing a Layout containing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/b7a5899338cd841a39702e3fcaff76aa0ffe4075 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain arbitrary data from the Xibo database by injecting specially crafted values into the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jul 2024 — The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site. The Paid Memberships Pro - Membership Maps Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 0.7 (exclusive) through the 'pmpro_membership_maps' shortcode. • https://wpscan.com/vulnerability/49dc9ca3-d0ef-4a75-8b51-307e3e44e91b • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

30 Jul 2024 — By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. • https://seclists.org/fulldisclosure/2024/Jul/14

CVSS: 4.6 • EPSS: 0% • CPEs: - • EXPL: 0

30 Jul 2024 — Confidential information is needlessly stored on the smartwatch. • https://seclists.org/fulldisclosure/2024/Jul/14 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

29 Jul 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT214117

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT214120

CVSS: 7.8 • EPSS: 0% • CPEs: 31 • EXPL: 0

29 Jul 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. • https://support.apple.com/en-us/HT214121 • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

29 Jul 2024 — An information disclosure issue was addressed with improved private data redaction for log entries. ... A local attacker may be able to determine kernel memory layout. macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT214117