CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44099
https://notcve.org/view.php?id=CVE-2024-44099
This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2022-30354
https://notcve.org/view.php?id=CVE-2022-30354
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30354 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2022-30359
https://notcve.org/view.php?id=CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2022-30361
https://notcve.org/view.php?id=CVE-2022-30361
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49357 – ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak
https://notcve.org/view.php?id=CVE-2024-49357
This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. • https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hg2h-q5h6-r5c4 https://youtu.be/H_WoqzM-9Cc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •