CVE-2024-9832 – No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator
https://notcve.org/view.php?id=CVE-2024-9832
An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2024-9834 – Improper data protection on Life2000 ventilator serial interface
https://notcve.org/view.php?id=CVE-2024-9834
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2024-49025 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49025
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49025 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-3502 – Exposure of Sensitive Information in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-3502
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. ... The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 https://huntr.com/bounties/c2aff952-2dec-4538-8905-190c484aae94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-3501 – Exposure of Sensitive Information in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-3501
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. • https://github.com/lunary-ai/lunary/commit/17e95f6c99c7d5ac4ee5451c5857b97a12892c74 https://huntr.com/bounties/8fdfdb9d-10bd-4f00-8004-d5baabc20c6e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor