CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2024 — Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. • https://archerirm.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 May 2024 — IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248545 • CWE-204: Observable Response Discrepancy

CVSS: 5.9 • EPSS: 0% • CPEs: - • EXPL: 0

03 May 2024 — IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264939 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 May 2024 — IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199181 • CWE-204: Observable Response Discrepancy

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 May 2024 — IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245403 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.0 • EPSS: 0% • CPEs: - • EXPL: 0

03 May 2024 — IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196640 • CWE-565: Reliance on Cookies without Validation and Integrity Checking

CVSS: 5.9 • EPSS: 0% • CPEs: - • EXPL: 0

03 May 2024 — IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190837 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 2.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 May 2024 — This marginally increases the risk of sensitive data exposure. • https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9 • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 May 2024 — Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. • https://www.zerodayinitiative.com/advisories/ZDI-23-1913 • CWE-416: Use After Free

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 May 2024 — Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. • https://www.zerodayinitiative.com/advisories/ZDI-23-1912 • CWE-125: Out-of-bounds Read