CVE-2024-38829 – Spring LDAP sensitive data exposure for case-sensitive comparisons
https://notcve.org/view.php?id=CVE-2024-38829
A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in unintended columns being queried. Related to CVE-2024-38820: https://spring.io/security/cve-2024-38820 • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •
CVE-2024-41775 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-41775
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7177220 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-25035 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-25035
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. • https://www.ibm.com/support/pages/node/7177220 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2021-29892 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2021-29892
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7177220 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-9978 – Liteos_a has an out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-9978
OpenHarmony v4.1.1 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md • CWE-125: Out-of-bounds Read •