CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4369 – Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
https://notcve.org/view.php?id=CVE-2024-4369
An information disclosure flaw was found in OpenShift's internal image registry operator. ... An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account. • https://access.redhat.com/errata/RHSA-2024:3881 https://access.redhat.com/errata/RHSA-2024:3889 https://access.redhat.com/security/cve/CVE-2024-4369 https://bugzilla.redhat.com/show_bug.cgi?id=2278035 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48684
https://notcve.org/view.php?id=CVE-2023-48684
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-6021 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48683
https://notcve.org/view.php?id=CVE-2023-48683
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-5899 • CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28961
https://notcve.org/view.php?id=CVE-2024-28961
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-256: Plaintext Storage of a Password •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4300 – FS-EZViewer(Web) - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-4300
FS-EZViewer(Web) exposes sensitive information in the service. ... With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents. • https://www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •