CVE-2024-38203 – Windows Package Library Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38203
Windows Package Library Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203 • CWE-693: Protection Mechanism Failure •
CVE-2024-50331
https://notcve.org/view.php?id=CVE-2024-50331
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-125: Out-of-bounds Read •
CVE-2024-49395 – Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block
https://notcve.org/view.php?id=CVE-2024-49395
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. • https://access.redhat.com/security/cve/CVE-2024-49395 https://bugzilla.redhat.com/show_bug.cgi?id=2325332 • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVE-2024-47593 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47593
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability. • https://me.sap.com/notes/3508947 https://url.sap/sapsecuritypatchday • CWE-276: Incorrect Default Permissions •
CVE-2024-47592 – Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)
https://notcve.org/view.php?id=CVE-2024-47592
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. • https://me.sap.com/notes/3393899 https://url.sap/sapsecuritypatchday • CWE-307: Improper Restriction of Excessive Authentication Attempts •