CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-10451 – Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process
https://notcve.org/view.php?id=CVE-2024-10451
This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. • https://access.redhat.com/errata/RHSA-2024:10175 https://access.redhat.com/errata/RHSA-2024:10176 https://access.redhat.com/errata/RHSA-2024:10177 https://access.redhat.com/errata/RHSA-2024:10178 https://access.redhat.com/security/cve/CVE-2024-10451 https://bugzilla.redhat.com/show_bug.cgi?id=2322096 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-35160 – IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-35160
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. • https://www.ibm.com/support/pages/node/7168703 https://www.ibm.com/support/pages/node/7176947 • CWE-613: Insufficient Session Expiration •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-0122
https://notcve.org/view.php?id=CVE-2024-0122
A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5570 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0138
https://notcve.org/view.php?id=CVE-2024-0138
A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5595 • CWE-862: Missing Authorization •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41781 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2024-41781
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. La funcionalidad de IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1030.00 a FW1030.60, FW1050.00 a FW1050.20 y FW1060.00 a FW1060.10) puede verse comprometida si un atacante obtiene acceso de servicio a la HMC. Un atacante que obtiene acceso de servicio a la HMC puede localizar y, a través de una serie de procedimientos de servicio, descifrar los datos contenidos en Platform KeyStore. • https://www.ibm.com/support/pages/node/7172698 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •