CVE-2024-6805 – Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
https://notcve.org/view.php?id=CVE-2024-6805
These missing checks may result in information disclosure or remote code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVE-2024-6122 – Incorrect Default Directory Permissions for NI SystemLink Redis Service
https://notcve.org/view.php?id=CVE-2024-6122
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html • CWE-276: Incorrect Default Permissions •
CVE-2024-6961 – XXE in Guardrails AI when consuming RAIL documents
https://notcve.org/view.php?id=CVE-2024-6961
Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity. • https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-40628 – Arbitrary File Read in Ansible Playbooks in Jumpserver
https://notcve.org/view.php?id=CVE-2024-40628
An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-38302
https://notcve.org/view.php?id=CVE-2024-38302
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000227053/dsa-2024-303-security-update-for-dell-data-lakehouse-system-software-for-multiple-security-vulnerabilities • CWE-311: Missing Encryption of Sensitive Data •