CVE-2024-26172 – Windows DWM Core Library Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26172
Windows DWM Core Library Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26172 • CWE-125: Out-of-bounds Read
CVE-2024-26255 – Windows Remote Access Connection Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26255
Windows Remote Access Connection Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26255 • CWE-126: Buffer Over-read
CVE-2024-31455 – Minder GetRepositoryByName data leak
https://notcve.org/view.php?id=CVE-2024-31455
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. • https://github.com/stacklok/minder/commit/11b6573ad62cfdd783a8bb52f3fce461466037f4 https://github.com/stacklok/minder/commit/5c381cfbf3e4b7ce040ed8511a1fae1a78a0014b https://github.com/stacklok/minder/pull/2941 https://github.com/stacklok/minder/security/advisories/GHSA-ggp5-28x4-xcj9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-31487
https://notcve.org/view.php?id=CVE-2024-31487
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5, 3.0.0 through 3.0.7, 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allow an attacker to cause information disclosure via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-24-060 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23662
https://notcve.org/view.php?id=CVE-2024-23662
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS, at least versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15, allows an attacker to cause information disclosure via HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-224 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor