CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53245 – Information Disclosure due to Username Collision with a Role that has the same Name as the User
https://notcve.org/view.php?id=CVE-2024-53245
10 Dec 2024 — In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. • https://advisory.splunk.com/advisories/SVD-2024-1203 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-49082 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49082
10 Dec 2024 — Windows File Explorer Information Disclosure Vulnerability This vulnerability allows remote attackers to delete arbitrary files or disclose sensitive information on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to delete files or disclose information in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49062 – Microsoft SharePoint Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49062
10 Dec 2024 — Microsoft SharePoint Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062 • CWE-23: Relative Path Traversal •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49103 – Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49103
10 Dec 2024 — Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49103 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49099 – Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49099
10 Dec 2024 — Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49099 • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49098 – Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49098
10 Dec 2024 — Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098 • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49087 – Windows Mobile Broadband Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49087
10 Dec 2024 — Windows Mobile Broadband Driver Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49087 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49064 – Microsoft SharePoint Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49064
10 Dec 2024 — Microsoft SharePoint Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47977 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47977
10 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47484 – Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47484
10 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •