CVSS: 3.7EPSS: 0%CPEs: -EXPL: 0CVE-2023-23474 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2023-23474
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403. IBM Cognos Controller 10.4.1, 10.4.2 y 11.0.0 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un seguimiento de la pila en el navegador. ID de IBM X-Force: 245403. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245403 https://www.ibm.com/support/pages/node/7149876 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2021-20450 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2021-20450
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640. IBM Cognos Controller 10.4.1, 10.4.2 y 11.0.0 no establece el atributo seguro en los tokens de autorización ni en las cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196640 https://www.ibm.com/support/pages/node/7149876 •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2020-4874 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837. IBM Cognos Controller 10.4.1, 10.4.2 y 11.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 190837. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190837 https://www.ibm.com/support/pages/node/7149876 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34063 – Degraded secret zeroization capabilities in vodozemac
https://notcve.org/view.php?id=CVE-2024-34063
This marginally increases the risk of sensitive data exposure. • https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9 https://github.com/matrix-org/vodozemac/security/advisories/GHSA-c3hm-hxwf-g5c6 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51612 – Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51612
Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-23-1913 • CWE-416: Use After Free •