
CVSS: 7.1 | EPSS: % | CPEs: - | EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account.

CVSS: 4.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1009 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1008 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.7 | EPSS: 0% | CPEs: 4 | EXPL: 0

An information disclosure vulnerability was identified in GitHub Enterprise Server via an attacker-uploaded asset URL, allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. • https://support.lenovo.com/us/en/product_security/LEN-158394 • CWE-276: Incorrect Default Permissions