CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31873 – IBM Security Verify Access Appliance information disclosure
https://notcve.org/view.php?id=CVE-2024-31873
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287317 https://www.ibm.com/support/pages/node/7147932 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6916 – Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
https://notcve.org/view.php?id=CVE-2023-6916
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. Los registros de auditoría de solicitudes de OpenAPI pueden incluir información confidencial. Esto podría provocar accesos no autorizados y escalada de privilegios. • https://security.nozominetworks.com/NN-2023:17-01 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2731 – Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
https://notcve.org/view.php?id=CVE-2024-2731
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. Los usuarios con privilegios bajos (todos los permisos deseleccionados en la configuración de permisos de administrador) pueden ver ciertas páginas que exponen información confidencial como nombres de empresas, nombres y apellidos de los usuarios, nombres artísticos y campañas de monitoreo y sus descripciones. Además, los usuarios sin privilegios pueden ver y editar las descripciones de las etiquetas. • https://github.com/lockness-Ko/CVE-2024-27316 https://github.com/aeyesec/CVE-2024-27316_poc https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2730 – Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
https://notcve.org/view.php?id=CVE-2024-2730
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available Mautic utiliza índices de páginas predecibles para páginas de destino no publicadas; usuarios no autenticados pueden acceder a su contenido a través de URL de vista previa públicas que podrían exponer datos confidenciales. En el momento de publicación del CVE no hay ningún parche disponible • https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20766 – Adobe Indesign 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerabiity
https://notcve.org/view.php?id=CVE-2024-20766
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 18.5.1, 19.2 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/indesign/apsb24-20.html • CWE-125: Out-of-bounds Read •