CVE-2024-43180 – IBM Concert information disclosure
https://notcve.org/view.php?id=CVE-2024-43180
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 https://www.ibm.com/support/pages/node/7168234 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVE-2024-3305 – Information Disclosure in Utarit Information's SoliClub
https://notcve.org/view.php?id=CVE-2024-3305
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. • https://www.usom.gov.tr/bildirim/tr-24-1457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-38222 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38222
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38222 • CWE-276: Incorrect Default Permissions •
CVE-2024-4465 – Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
https://notcve.org/view.php?id=CVE-2024-4465
In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. • https://security.nozominetworks.com/NN-2024:2-01 • CWE-863: Incorrect Authorization •
CVE-2024-45787 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45787
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •