
CVE-2024-6646 – Netgear WN604 Web Interface downloadFile.php information disclosure
https://notcve.org/view.php?id=CVE-2024-6646
10 Jul 2024 — The manipulation of the argument file with the input config leads to information disclosure. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ... • https://github.com/inviewp/CVE-2024-6646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-33860 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2023-33860
10 Jul 2024 — IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257702 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVE-2023-33859 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2023-33859
10 Jul 2024 — IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257697 • CWE-204: Observable Response Discrepancy •

CVE-2024-21524
https://notcve.org/view.php?id=CVE-2024-21524
10 Jul 2024 — It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure. • https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67 • CWE-125: Out-of-bounds Read •

CVE-2024-38301
https://notcve.org/view.php?id=CVE-2024-38301
10 Jul 2024 — A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. • https://www.dell.com/support/kbdoc/en-us/000225774/dsa-2024-258 • CWE-1107: Insufficient Isolation of Symbolic Constant Definitions •

CVE-2024-25023 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-25023
09 Jul 2024 — IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281429 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2024-21993 – Information Disclosure Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2024-21993
09 Jul 2024 — SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. • https://security.netapp.com/advisory/ntap-20240705-0007 •

CVE-2024-34721
https://notcve.org/view.php?id=CVE-2024-34721
09 Jul 2024 — In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7a1cbf5a8e17e6bff7c835fdd30dcc42b681db0a • CWE-922: Insecure Storage of Sensitive Information •

CVE-2024-31319
https://notcve.org/view.php?id=CVE-2024-31319
09 Jul 2024 — In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. • https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •

CVE-2024-31312
https://notcve.org/view.php?id=CVE-2024-31312
09 Jul 2024 — In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/748055291460bcaafa3e53c7da1601a687959477 • CWE-276: Incorrect Default Permissions •