CVE-2024-44099
https://notcve.org/view.php?id=CVE-2024-44099
This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-863: Incorrect Authorization •
CVE-2022-30354
https://notcve.org/view.php?id=CVE-2022-30354
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. ... The information disclosed is associated with all registered user ID numbers. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30354 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-30359
https://notcve.org/view.php?id=CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. ... The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-30361
https://notcve.org/view.php?id=CVE-2022-30361
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. ... The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2024-49357 – ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak
https://notcve.org/view.php?id=CVE-2024-49357
path=/var/lib/casaos/1/system.json`, expose sensitive data like installed applications and system information without requiring any authentication or authorization. This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. • https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hg2h-q5h6-r5c4 https://youtu.be/H_WoqzM-9Cc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •