CVSS: 8.6EPSS: 93%CPEs: 16EXPL: 51CVE-2024-24919 – Check Point Quantum Security Gateways Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. ... Check Point Security Gateway suffers from an information disclosure vulnerability. ... Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. • https://github.com/verylazytech/CVE-2024-24919 https://github.com/RevoltSecurities/CVE-2024-24919 https://github.com/seed1337/CVE-2024-24919-POC https://github.com/GoatSecurity/CVE-2024-24919 https://github.com/LucasKatashi/CVE-2024-24919 https://github.com/emanueldosreis/CVE-2024-24919 https://github.com/Rug4lo/CVE-2024-24919-Exploit https://github.com/zam89/CVE-2024-24919 https://github.com/GlobalsecureAcademy/CVE-2024-24919 https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4429 – Cross Site Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-4429
This could lead to sensitive information disclosure. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-30312
https://notcve.org/view.php?id=CVE-2023-30312
., to deliver false information from a finance website). • id=40723150 https://openwrt.org/docs/guide-developer/security https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks • CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34029 – AD/LDAP Group Members Leak
https://notcve.org/view.php?id=CVE-2024-34029
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team. Las versiones 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 y 8.1.x <= 8.1.12 de Mattermost no realizan una verificación de autorización adecuada en /api/v4/groups// canales//link endpoint que permite a un usuario conocer los miembros de un grupo AD/LDAP que está vinculado a un equipo agregando el grupo a un canal, incluso si el usuario no tiene acceso al equipo. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-5354 – anji-plus AJ-Report detailByCode information disclosure
https://notcve.org/view.php?id=CVE-2024-5354
The manipulation of the argument shareToken leads to information disclosure. ... Dank der Manipulation des Arguments shareToken mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/anji-plus/report/files/15363269/aj-report.pdf https://github.com/anji-plus/report/issues/34 https://vuldb.com/?ctiid.266266 https://vuldb.com/?id.266266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •