CVE-2021-39090 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2021-39090
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216388 https://www.ibm.com/support/pages/node/6856407 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2023-27545 – IBM Watson CloudPak for Data Data Stores information disclosure
https://notcve.org/view.php?id=CVE-2023-27545
IBM Watson CloudPak for Data Data Stores 4.6.0 allows web pages to be stored locally, where they can be read by another user on the system. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/248947 https://www.ibm.com/support/pages/node/6965446 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVE-2023-38372 – IBM Watson IoT Platform information disclosure
https://notcve.org/view.php?id=CVE-2023-38372
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261201 https://www.ibm.com/support/pages/node/7020635 • CWE-287: Improper Authentication •
CVE-2024-1120 – NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure
https://notcve.org/view.php?id=CVE-2024-1120
The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. • https://plugins.trac.wordpress.org/browser/finale-woocommerce-sales-countdown-timer-discount/trunk/includes/wcct-xl-support.php#L710 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve • CWE-862: Missing Authorization •
CVE-2024-22251 – Out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-22251
A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2024-0005.html •