CVE-2024-38372

LOW Year: 2024
CVSS v3 Score
2.0
Low
Weakness Type
CWE-201
View all →

Vulnerability Description

Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.

Related Vulnerabilities

CVE-2021-32653

LOW
CVSS:2.7(Low)

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set ...

CWE-2012021

CVE-2022-45428

LOW
CVSS:2.7(Low)

Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface,...

CWE-2012022

CVE-2023-3299

LOW
CVSS:2.7(Low)

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

CWE-2012023

CVE-2020-13597

LOW
CVSS:3.5(Low)

Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with suffici...

CWE-2012020

CVE-2025-48219

LOW
CVSS:3.5(Low)

O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular...

CWE-2012025

CVE-2024-46665

LOW
CVSS:3.7(Low)

An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounti...

CWE-2012024