CVE-2024-33519 – Authenticated Server-Side prototype pollution Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-33519
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-37533 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-37533
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 https://www.ibm.com/support/pages/node/7159173 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2024-39676 – Apache Pinot: Unauthorized endpoint exposed sensitive information
https://notcve.org/view.php?id=CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). • https://lists.apache.org/thread/hsm0b2w8qr0sqy4rj1mfnnw286tslpzc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-6805 – Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
https://notcve.org/view.php?id=CVE-2024-6805
These missing checks may result in information disclosure or remote code execution. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to disclose information in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVE-2024-6122 – Incorrect Default Directory Permissions for NI SystemLink Redis Service
https://notcve.org/view.php?id=CVE-2024-6122
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of NI FlexLogger. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html • CWE-276: Incorrect Default Permissions •