CVE-2020-12491 – Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-12491
Improper control of framework service permissions with possibility of some sensitive device information leakage. • https://www.vivo.com/en/support/security-advisory-detail?id=11 • CWE-306: Missing Authentication for Critical Function •
CVE-2024-10451 – Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process
https://notcve.org/view.php?id=CVE-2024-10451
This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2. • https://access.redhat.com/errata/RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10178 https://access.redhat.com/security/cve/CVE-2024-10451 https://bugzilla.redhat.com/show_bug.cgi?id=2322096 • CWE-798: Use of Hard-coded Credentials •
CVE-2024-35160 – IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-35160
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. • https://www.ibm.com/support/pages/node/7168703 https://www.ibm.com/support/pages/node/7176947 • CWE-613: Insufficient Session Expiration •
CVE-2024-0122
https://notcve.org/view.php?id=CVE-2024-0122
A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5570 • CWE-862: Missing Authorization •
CVE-2024-0138
https://notcve.org/view.php?id=CVE-2024-0138
A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5595 • CWE-862: Missing Authorization •