CVE-2024-47588 – Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)
https://notcve.org/view.php?id=CVE-2024-47588
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. • https://me.sap.com/notes/3522953 https://url.sap/sapsecuritypatchday • CWE-522: Insufficiently Protected Credentials •
CVE-2024-34015
https://notcve.org/view.php?id=CVE-2024-34015
Sensitive information disclosure during file browsing due to improper soft link handling. ... Sensitive information disclosure during file browsing due to improper symbolic link handling. • https://security-advisory.acronis.com/advisories/SEC-7601 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2024-50601
https://notcve.org/view.php?id=CVE-2024-50601
Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. • https://www.axigen.com/knowledgebase/Axigen-WebMail-Persistent-and-Reflected-XSS-Vulnerabilities-CVE-2024-50601-_403.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-48011
https://notcve.org/view.php?id=CVE-2024-48011
Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-10285 – CE21 Suite <= 2.2.0 - JWT Token Disclosure
https://notcve.org/view.php?id=CVE-2024-10285
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. • https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237 https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281 https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •