CVE-2024-4369 – Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
https://notcve.org/view.php?id=CVE-2024-4369
An information disclosure flaw was found in OpenShift's internal image registry operator. • https://access.redhat.com/errata/RHSA-2024:3881 https://access.redhat.com/errata/RHSA-2024:3889 https://access.redhat.com/security/cve/CVE-2024-4369 https://bugzilla.redhat.com/show_bug.cgi?id=2278035 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVE-2023-48684
https://notcve.org/view.php?id=CVE-2023-48684
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-6021 • CWE-862: Missing Authorization •
CVE-2023-48683
https://notcve.org/view.php?id=CVE-2023-48683
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-5899 • CWE-862: Missing Authorization •
CVE-2024-28961
https://notcve.org/view.php?id=CVE-2024-28961
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-256: Plaintext Storage of a Password •
CVE-2024-4300 – FS-EZViewer(Web) - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-4300
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents. • https://www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •