CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6620
https://notcve.org/view.php?id=CVE-2024-6620
29 Jul 2024 — A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. • https://sps.honeywell.com/us/en/support/productivity/cyber-security-notifications • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42076 – net: can: j1939: Initialize unused data in j1939_send_one()
https://notcve.org/view.php?id=CVE-2024-42076
29 Jul 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41671 – twisted.web has disordered HTTP pipeline response
https://notcve.org/view.php?id=CVE-2024-41671
29 Jul 2024 — The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. • https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7156 – TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure
https://notcve.org/view.php?id=CVE-2024-7156
28 Jul 2024 — The manipulation leads to information disclosure. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ... Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/ExportSettings.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38103 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38103
25 Jul 2024 — Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38103 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32759 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-32759
25 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7057 – Improper Access Control in GitLab
https://notcve.org/view.php?id=CVE-2024-7057
25 Jul 2024 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. • https://gitlab.com/gitlab-org/gitlab/-/issues/458501 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7060 – Exposure of Sensitive Information to an Unauthorized Actor in GitLab
https://notcve.org/view.php?id=CVE-2024-7060
24 Jul 2024 — An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. • https://gitlab.com/gitlab-org/gitlab/-/issues/437894 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-33519 – Authenticated Server-Side prototype pollution Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-33519
24 Jul 2024 — A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37533 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-37533
24 Jul 2024 — IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •