CVE-2024-25023 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-25023
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281429 https://www.ibm.com/support/pages/node/7159768 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2024-21993 – Information Disclosure Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2024-21993
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. Las versiones de SnapCenter anteriores a la 5.0p1 son susceptibles a una vulnerabilidad que podría permitir a un atacante autenticado descubrir credenciales en texto plano. • https://security.netapp.com/advisory/ntap-20240705-0007 •
CVE-2024-34721
https://notcve.org/view.php?id=CVE-2024-34721
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7a1cbf5a8e17e6bff7c835fdd30dcc42b681db0a https://source.android.com/security/bulletin/2024-07-01 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2024-31319
https://notcve.org/view.php?id=CVE-2024-31319
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. • https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039 https://android.googlesource.com/platform/frameworks/base/+/3cc021bf608fa813a9a40932028fdde2b12a2d5e https://source.android.com/security/bulletin/2024-06-01 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •
CVE-2024-31312
https://notcve.org/view.php?id=CVE-2024-31312
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/748055291460bcaafa3e53c7da1601a687959477 https://source.android.com/security/bulletin/2024-06-01 • CWE-276: Incorrect Default Permissions •