CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38372 – IBM Watson IoT Platform information disclosure
https://notcve.org/view.php?id=CVE-2023-38372
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. Un atacante no autorizado que haya obtenido un token de autenticación de seguridad de IBM Watson IoT Platform 1.0 puede utilizarlo para hacerse pasar por un usuario de plataforma autorizado. ID de IBM X-Force: 261201. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261201 https://www.ibm.com/support/pages/node/7020635 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1120 – NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure
https://notcve.org/view.php?id=CVE-2024-1120
This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack. • https://plugins.trac.wordpress.org/browser/finale-woocommerce-sales-countdown-timer-discount/trunk/includes/wcct-xl-support.php#L710 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-22251 – Out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-22251
A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2024-0005.html • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48680
https://notcve.org/view.php?id=CVE-2023-48680
Sensitive information disclosure due to excessive collection of system information. • https://security-advisory.acronis.com/advisories/SEC-5392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48678
https://notcve.org/view.php?id=CVE-2023-48678
Sensitive information disclosure due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-2319 • CWE-276: Incorrect Default Permissions •