CVE-2023-50939 – IBM PowerSC information Disclosure
https://notcve.org/view.php?id=CVE-2023-50939
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. IBM PowerSC 1.3, 2.0 y 2.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 275129. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275129 https://www.ibm.com/support/pages/node/7113759 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-1098 – Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
https://notcve.org/view.php?id=CVE-2024-1098
The manipulation of the argument url leads to information disclosure. ... Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.252455 https://vuldb.com/?id.252455 https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-22236
https://notcve.org/view.php?id=CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. • https://spring.io/security/cve-2024-22236 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-46230 – Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46230
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe información confidencial en archivos de registro internos. • https://advisory.splunk.com/advisories/SVD-2024-0111 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-23838 – TrueLayer.Client SSRF when fetching payment or payment provider
https://notcve.org/view.php?id=CVE-2024-23838
For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. • https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh • CWE-918: Server-Side Request Forgery (SSRF) •