CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38938 – IBM Host Access Transformation Services information disclosure
https://notcve.org/view.php?id=CVE-2021-38938
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989. IBM Host Access Transformation Services (HATS) 9.6 a 9.6.1.4 y 9.7 a 9.7.0.3 almacena las credenciales de usuario en texto sin formato que puede ser leído por un usuario local. ID de IBM X-Force: 210989. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210989 https://www.ibm.com/support/pages/node/6832964 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46181 – IBM Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-46181
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 permite que las páginas web se almacenen localmente y que otro usuario del sistema pueda leerlas. ID de IBM X-Force: 269686. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269686 https://www.ibm.com/support/pages/node/7142038 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46179 – IBM Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-46179
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269683 https://www.ibm.com/support/pages/node/7142038 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23944 – Apache ZooKeeper: Information disclosure in persistent watcher handling
https://notcve.org/view.php?id=CVE-2024-23944
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. ... It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/03/14/2 https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2180 – Zemana AntiLogger v2.74.204.664 - Kernel Memory Leak
https://notcve.org/view.php?id=CVE-2024-2180
Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers Zemana AntiLogger v2.74.204.664 es afectado por una vulnerabilidad de fuga de información de memoria al activar el código IOCTL 0x80002020 de los controladores zam64.sys y zamguard64.sys • https://fluidattacks.com/advisories/gomez https://zemana.com/us/antilogger.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •