CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-48008
https://notcve.org/view.php?id=CVE-2024-48008
An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information • https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities • CWE-11: ASP.NET Misconfiguration: Creating Debug Binary •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-49071 – Windows Defender Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49071
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49071 • CWE-612: Improper Authorization of Index Containing Sensitive Information •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10043 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-10043
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. • https://gitlab.com/gitlab-org/gitlab/-/issues/499577 https://hackerone.com/reports/2774817 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12553 – GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12553
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-24-1682 • CWE-862: Missing Authorization •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53845 – AES/CBC Constant IV Vulnerability in ESPTouch v2
https://notcve.org/view.php?id=CVE-2024-53845
In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. • https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2 https://github.com/EspressifApp/EsptouchForIOS/tree/master/EspTouchDemo/ESPTouchV2 https://github.com/espressif/esp-idf/commit/4f85a2726e04b737c8646d865b44ddd837b703db https://github.com/espressif/esp-idf/commit/8fb28dcedcc49916a5206456a3a61022d4302cd8 https://github.com/espressif/esp-idf/commit/d47ed7d6f814e21c5bc8997ab0bc68e2360e5cb2 https://github.com/espressif/esp-idf/commit/de69895f38d563e22228f5ba23fffa02feabc3a9 https://github.com/espressif/esp-idf/commit/fd224e83bbf133833638b277c767b • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-909: Missing Initialization of Resource •