CVE-2024-43082
https://notcve.org/view.php?id=CVE-2024-43082
This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/6aa1b4fbf5936a1ff5bdbb79397c94910a6ed8f5 https://source.android.com/security/bulletin/2024-11-01 • CWE-125: Out-of-bounds Read •
CVE-2024-11165
https://notcve.org/view.php?id=CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The leakage occurs during the backup procedure, leading to potential unauthorized access to resources associated with the SAS token. • https://github.com/yugabyte/yugabyte-db/commit/920989b6c0db0222bb7a0cce46febc76cf72d438 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-38203 – Windows Package Library Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38203
Windows Package Library Manager Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203 • CWE-693: Protection Mechanism Failure •
CVE-2024-47593 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47593
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability. • https://me.sap.com/notes/3508947 https://url.sap/sapsecuritypatchday • CWE-276: Incorrect Default Permissions •
CVE-2024-47592 – Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)
https://notcve.org/view.php?id=CVE-2024-47592
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. • https://me.sap.com/notes/3393899 https://url.sap/sapsecuritypatchday • CWE-307: Improper Restriction of Excessive Authentication Attempts •