CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6805 – Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
https://notcve.org/view.php?id=CVE-2024-6805
These missing checks may result in information disclosure or remote code execution. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to disclose information in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6122 – Incorrect Default Directory Permissions for NI SystemLink Redis Service
https://notcve.org/view.php?id=CVE-2024-6122
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of NI FlexLogger. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40628 – Arbitrary File Read in Ansible Playbooks in Jumpserver
https://notcve.org/view.php?id=CVE-2024-40628
An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclosure. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38302
https://notcve.org/view.php?id=CVE-2024-38302
A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000227053/dsa-2024-303-security-update-for-dell-data-lakehouse-system-software-for-multiple-security-vulnerabilities • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40633 – Customer data leak via adjustments API endpoint in Sylius
https://notcve.org/view.php?id=CVE-2024-40633
Using these tokens, an attacker can access guest customer order details - sensitive guest customer information. • https://github.com/Sylius/Sylius/security/advisories/GHSA-55rf-8q29-4g43 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •