
CVE-2024-3387 – PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3387
10 Apr 2024 — With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. • https://security.paloaltonetworks.com/CVE-2024-3387 • CWE-326: Inadequate Encryption Strength •

CVE-2024-31873 – IBM Security Verify Access Appliance information disclosure
https://notcve.org/view.php?id=CVE-2024-31873
10 Apr 2024 — IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://packetstorm.news/files/id/182465 • CWE-798: Use of Hard-coded Credentials •

CVE-2023-6916 – Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
https://notcve.org/view.php?id=CVE-2023-6916
10 Apr 2024 — Audit records for OpenAPI requests may include sensitive information. • https://security.nozominetworks.com/NN-2023:17-01 • CWE-201: Insertion of Sensitive Information Into Sent Data • CWE-522: Insufficiently Protected Credentials •

CVE-2024-2731 – Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
https://notcve.org/view.php?id=CVE-2024-2731
10 Apr 2024 — Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. • https://github.com/lockness-Ko/CVE-2024-27316 • CWE-284: Improper Access Control •

CVE-2024-2730 – Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
https://notcve.org/view.php?id=CVE-2024-2730
10 Apr 2024 — Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. • https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9 • CWE-425: Direct Request ('Forced Browsing') •

CVE-2024-20766 – Adobe Indesign 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20766
10 Apr 2024 — InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. • https://helpx.adobe.com/security/products/indesign/apsb24-20.html • CWE-125: Out-of-bounds Read •

CVE-2024-29992 – Azure Identity Library for .NET Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29992
09 Apr 2024 — Azure Identity Library for .NET Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29992 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-28900 – Windows Remote Access Connection Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-28900
09 Apr 2024 — Windows Remote Access Connection Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28900 • CWE-126: Buffer Over-read •

CVE-2024-26226 – Windows Distributed File System (DFS) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26226
09 Apr 2024 — Windows Distributed File System (DFS) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26226 • CWE-125: Out-of-bounds Read •

CVE-2024-26217 – Windows Remote Access Connection Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26217
09 Apr 2024 — Windows Remote Access Connection Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26217 • CWE-125: Out-of-bounds Read •