CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40630 – HEIF Heap OOB Read in OpenImageIO
https://notcve.org/view.php?id=CVE-2024-40630
15 Jul 2024 — In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. • https://github.com/AcademySoftwareFoundation/OpenImageIO/blob/7c486a1121a4bf71d50ff555fab2770294b748d7/src/heif.imageio/heifinput.cpp#L250 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39826 – Zoom Workplace Apps and SDKs - Path traversal
https://notcve.org/view.php?id=CVE-2024-39826
15 Jul 2024 — Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24023 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6398
https://notcve.org/view.php?id=CVE-2024-6398
15 Jul 2024 — An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. ... Any information disclosed depends on how the customers have customized the block pages. • https://thrive.trellix.com/s/article/000013694 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39740 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39740
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296009 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39729 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39729
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295968 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39731 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39731
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295970 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39737 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39737
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296004 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39733 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39733
14 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena las credenciales de usuario en texto plano que puede ser leído por un usuario local. ID de IBM X-Force: 295972. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295972 • CWE-256: Plaintext Storage of a Password •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39732 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39732
14 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena temporalmente datos de diferentes entornos que podría obtener un usuario malintencionado. ID de IBM X-Force: 295791. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295791 • CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39734 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39734
14 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en se... • https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 •