CVE-2023-27545 – IBM Watson CloudPak for Data Data Stores information disclosure
https://notcve.org/view.php?id=CVE-2023-27545
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248947 https://www.ibm.com/support/pages/node/6965446 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVE-2023-38372 – IBM Watson IoT Platform information disclosure
https://notcve.org/view.php?id=CVE-2023-38372
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. Un atacante no autorizado que haya obtenido un token de autenticación de seguridad de IBM Watson IoT Platform 1.0 puede utilizarlo para hacerse pasar por un usuario de plataforma autorizado. ID de IBM X-Force: 261201. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261201 https://www.ibm.com/support/pages/node/7020635 • CWE-287: Improper Authentication •
CVE-2024-1120 – NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure
https://notcve.org/view.php?id=CVE-2024-1120
The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack. Los complementos The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce para WordPress son vulnerables al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función download_tools_settings() en todas las versiones hasta e incluyendo , 2.17.0. Esto hace posible que atacantes no autenticados exporten información del sistema que puede ayudar a los atacantes en un ataque. • https://plugins.trac.wordpress.org/browser/finale-woocommerce-sales-countdown-timer-discount/trunk/includes/wcct-xl-support.php#L710 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve • CWE-862: Missing Authorization •
CVE-2024-22251 – Out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-22251
A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2024-0005.html •
CVE-2023-48680
https://notcve.org/view.php?id=CVE-2023-48680
Sensitive information disclosure due to excessive collection of system information. • https://security-advisory.acronis.com/advisories/SEC-5392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •