CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42349 – FOG has a Log Information Disclosure
https://notcve.org/view.php?id=CVE-2024-42349
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. • https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33892 – Ewon Cosy+ Password Disclosure
https://notcve.org/view.php?id=CVE-2024-33892
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. • https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf https://www.ewon.biz/products/cosy/ewon-cosy-wifi https://www.hms-networks.com/cyber-security https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway • CWE-281: Improper Preservation of Permissions •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23600 – PingIDM Query Filter Vulnerability
https://notcve.org/view.php?id=CVE-2024-23600
Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. • https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality https://backstage.forgerock.com/knowledge/kb/article/a95212747 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6567 – Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6567
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. ... The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. ... The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/ebook-store/trunk/fpdi/fpdi-protection-master/local-tests/simple.php https://www.wordfence.com/threat-intel/vulnerabilities/id/ebe431a7-b552-4891-9784-c6a7353228da?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28972
https://notcve.org/view.php?id=CVE-2024-28972
An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226567/dsa-2024-211-security-update-for-a-dell-insightiq-broken-or-risky-cryptographic-algorithm-vulnerability • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •