
CVE-2024-47588 – Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)
https://notcve.org/view.php?id=CVE-2024-47588
12 Nov 2024 — In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. • https://me.sap.com/notes/3522953 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-34015
https://notcve.org/view.php?id=CVE-2024-34015
11 Nov 2024 — Sensitive information disclosure during file browsing due to improper soft link handling. ... Sensitive information disclosure during file browsing due to improper symbolic link handling. • https://security-advisory.acronis.com/advisories/SEC-7601 • CWE-61: UNIX Symbolic Link (Symlink) Following •

CVE-2024-50601
https://notcve.org/view.php?id=CVE-2024-50601
11 Nov 2024 — Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. • https://www.axigen.com/knowledgebase/Axigen-WebMail-Persistent-and-Reflected-XSS-Vulnerabilities-CVE-2024-50601-_403.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-48011
https://notcve.org/view.php?id=CVE-2024-48011
08 Nov 2024 — Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-10285 – CE21 Suite <= 2.2.0 - JWT Token Disclosure
https://notcve.org/view.php?id=CVE-2024-10285
08 Nov 2024 — The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. • https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-10965 – emqx neuron JSON File schema information disclosure
https://notcve.org/view.php?id=CVE-2024-10965
07 Nov 2024 — The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/emqx/neuron/issues/2281 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control •

CVE-2024-50340 – Ability to change environment from query in symfony/runtime
https://notcve.org/view.php?id=CVE-2024-50340
06 Nov 2024 — An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. Marco Squarcina discovered that Symfony incorrectly handled the storage of user session information. • https://github.com/Nyamort/CVE-2024-50340 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2024-50342 – Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
https://notcve.org/view.php?id=CVE-2024-50342
06 Nov 2024 — When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. ... An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. Marco Squarcina discovered that Symfony incorrectly handled the storage of user session information. • https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-50343 – Incorrect response from Validator when input ends with `\n` in symfony/validator
https://notcve.org/view.php?id=CVE-2024-50343
06 Nov 2024 — An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. Marco Squarcina discovered that Symfony incorrectly handled the storage of user session information. • https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f • CWE-20: Improper Input Validation •

CVE-2024-50345 – Open redirect via browser-sanitized URLs in symfony/http-foundation
https://notcve.org/view.php?id=CVE-2024-50345
06 Nov 2024 — An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. Marco Squarcina discovered that Symfony incorrectly handled the storage of user session information. • https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •