CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Dec 2024 — An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. • https://www.fortra.com/security/advisories/product-security/fi-2024-014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-425: Direct Request ('Forced Browsing')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Dec 2024 — A low-privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure and allowing unintended actions like reading files that may contain sensitive information. • https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities • CWE-11: ASP.NET Misconfiguration: Creating Debug Binary

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Dec 2024 — Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49071 • CWE-612: Improper Authorization of Index Containing Sensitive Information

CVSS: 3.1 • EPSS: 0% • CPEs: 3 • EXPL: 1

12 Dec 2024 — An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident titles through the Wiki History Diff feature, potentially leading to information disclosure. • https://gitlab.com/gitlab-org/gitlab/-/issues/499577 • CWE-863: Incorrect Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Dec 2024 — GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1682 • CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Dec 2024 — In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. • https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-909: Missing Initialization of Resource

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7177698 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 3.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/6988167 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere