CVE-2024-1742 – Information disclosure in mk_oracle Checkmk agent plugin
https://notcve.org/view.php?id=CVE-2024-1742
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. • https://checkmk.com/werk/16234 • CWE-214: Invocation of Process Using Visible Sensitive Information
CVE-2024-27277 – IBM Storage Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2024-27277
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285205 https://www.ibm.com/support/pages/node/7144861 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-28834 – GnuTLS: vulnerable to Minerva side-channel information leak
https://notcve.org/view.php?id=CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. • http://www.openwall.com/lists/oss-security/2024/03/22/1 http://www.openwall.com/lists/oss-security/2024/03/22/2 https://access.redhat.com/errata/RHSA-2024:1784 https://access.redhat.com/errata/RHSA-2024:1879 https://access.redhat.com/errata/RHSA-2024:1997 https://access.redhat.com/errata/RHSA-2024:2044 https://access.redhat.com/errata/RHSA-2024:2570 https://access.redhat.com/errata/RHSA-2024:2889 https://access.redhat.com/security/cve/CVE-2024-28834 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-35888 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35888
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258375 https://www.ibm.com/support/pages/node/7144228 • CWE-311: Missing Encryption of Sensitive Data
CVE-2023-40278 – OpenClinic GA 5.247.01 - Information Disclosure
https://notcve.org/view.php?id=CVE-2023-40278
An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. ... OpenClinic GA version 5.247.01 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/51994 https://github.com/BugBountyHunterCVE/CVE-2023-40278 https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md https://sourceforge.net/projects/open-clinic • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor