CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27163 – Leak of admin password and passwords
https://notcve.org/view.php?id=CVE-2024-27163
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27157 – Leak of authentication sessions in secure logs
https://notcve.org/view.php?id=CVE-2024-27157
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. Las sesiones se almacenan en registros de texto plano. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27156 – Leak of authentication sessions in secure logs
https://notcve.org/view.php?id=CVE-2024-27156
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. Las cookies de sesión, utilizadas para la autenticación, se almacenan en registros de texto plano. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-0084
https://notcve.org/view.php?id=CVE-2024-0084
A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-0099
https://notcve.org/view.php?id=CVE-2024-0099
A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •