CVE-2024-27334 – Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27334
Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.zerodayinitiative.com/advisories/ZDI-24-232 • CWE-125: Out-of-bounds Read •
CVE-2023-27291 – IBM Watson CP4D Data Stores information disclosure
https://notcve.org/view.php?id=CVE-2023-27291
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission, which could allow an attacker to obtain sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248740 https://www.ibm.com/support/pages/node/6965458 • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-47745 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2023-47745
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text, which can be read by a local user using a trace command. IBM X-Force ID: 272638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272638 https://www.ibm.com/support/pages/node/7126571 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-27255 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2024-27255
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283905 https://www.ibm.com/support/pages/node/7126571 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-25210 – helm: shows secrets with --dry-run option in clear text
https://notcve.org/view.php?id=CVE-2019-25210
A vulnerability was found in Helm that may lead to sensitive information disclosure. • https://github.com/helm/helm/issues/7275 https://helm.sh/blog/response-cve-2019-25210 https://www.cncf.io/projects/helm https://access.redhat.com/security/cve/CVE-2019-25210 https://bugzilla.redhat.com/show_bug.cgi?id=2268201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •