CVE-2024-25644 – Information Disclosure vulnerability in NetWeaver (WSRM)
https://notcve.org/view.php?id=CVE-2024-25644
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. • https://me.sap.com/notes/3425682 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-28339
https://notcve.org/view.php?id=CVE-2024-28339
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md https://www.netgear.com/about/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-28340
https://notcve.org/view.php?id=CVE-2024-28340
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md https://www.netgear.com/about/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-25114 – Sensitive Information Disclosure (JailID) to users in Collabora Online
https://notcve.org/view.php?id=CVE-2024-25114
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3xv https://github.com/LibreOffice/online/blob/master/wsd/README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-27237
https://notcve.org/view.php?id=CVE-2024-27237
This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-03-01 •