CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-49071 – Windows Defender Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49071
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49071 • CWE-612: Improper Authorization of Index Containing Sensitive Information •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10043 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-10043
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. • https://gitlab.com/gitlab-org/gitlab/-/issues/499577 https://hackerone.com/reports/2774817 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12553 – GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12553
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. • https://www.zerodayinitiative.com/advisories/ZDI-24-1682 • CWE-862: Missing Authorization •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53845 – AES/CBC Constant IV Vulnerability in ESPTouch v2
https://notcve.org/view.php?id=CVE-2024-53845
In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. • https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2 https://github.com/EspressifApp/EsptouchForIOS/tree/master/EspTouchDemo/ESPTouchV2 https://github.com/espressif/esp-idf/commit/4f85a2726e04b737c8646d865b44ddd837b703db https://github.com/espressif/esp-idf/commit/8fb28dcedcc49916a5206456a3a61022d4302cd8 https://github.com/espressif/esp-idf/commit/d47ed7d6f814e21c5bc8997ab0bc68e2360e5cb2 https://github.com/espressif/esp-idf/commit/de69895f38d563e22228f5ba23fffa02feabc3a9 https://github.com/espressif/esp-idf/commit/fd224e83bbf133833638b277c767b • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-909: Missing Initialization of Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51460 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-51460
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7177698 • CWE-209: Generation of Error Message Containing Sensitive Information •