
CVSS: 5.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. • https://github.com/yugabyte/yugabyte-db/commit/920989b6c0db0222bb7a0cce46febc76cf72d438 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.2 • EPSS: 0% • CPEs: 30 • EXPL: 0

Windows Package Library Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203 • CWE-693: Protection Mechanism Failure •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release • CWE-125: Out-of-bounds Read •

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted. This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability. • https://me.sap.com/notes/3508947 https://url.sap/sapsecuritypatchday • CWE-276: Incorrect Default Permissions •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. • https://me.sap.com/notes/3393899 https://url.sap/sapsecuritypatchday • CWE-307: Improper Restriction of Excessive Authentication Attempts •