CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32753 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32753
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. IBM Security Verify Directory 10.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228444. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 https://www.ibm.com/support/pages/node/7145001 • CWE-326: Inadequate Encryption Strength •
CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1742 – Information disclosure in mk_oracle Checkmk agent plugin
https://notcve.org/view.php?id=CVE-2024-1742
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. La invocación del comando sqlplus con información confidencial en la línea de comando en el complemento del agente mk_oracle Checkmk antes de Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 y 2.0.0 (EOL) permite la extracción de esta información de la lista de procesos. • https://checkmk.com/werk/16234 • CWE-214: Invocation of Process Using Visible Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27277 – IBM Storage Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2024-27277
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. La clave privada del certificado IBM Storage Protect Plus Server 10.1.0 a 10.1.16 se puede divulgar, lo que socava la seguridad del certificado. ID de IBM X-Force: 285205. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285205 https://www.ibm.com/support/pages/node/7144861 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-28834 – Gnutls: vulnerable to minerva side-channel information leak
https://notcve.org/view.php?id=CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. Se encontró una falla en GnuTLS. El ataque Minerva es una vulnerabilidad criptográfica que explota el comportamiento determinista en sistemas como GnuTLS, lo que genera filtraciones de canales laterales. • http://www.openwall.com/lists/oss-security/2024/03/22/1 http://www.openwall.com/lists/oss-security/2024/03/22/2 https://access.redhat.com/errata/RHSA-2024:1784 https://access.redhat.com/errata/RHSA-2024:1879 https://access.redhat.com/errata/RHSA-2024:1997 https://access.redhat.com/errata/RHSA-2024:2044 https://access.redhat.com/errata/RHSA-2024:2570 https://access.redhat.com/errata/RHSA-2024:2889 https://access.redhat.com/security/cve/CVE-2024-28834 https:&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35888 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35888
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258375 https://www.ibm.com/support/pages/node/7144228 • CWE-311: Missing Encryption of Sensitive Data •