CVE-2024-21733 – Apache Tomcat: Leaking of unrelated request bodies in default error page
https://notcve.org/view.php?id=CVE-2024-21733
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. • https://github.com/LtmThink/CVE-2024-21733 http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html http://www.openwall.com/lists/oss-security/2024/01/19/2 https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz https://security.netapp.com/advisory/ntap-20240216-0005 https://access.redhat.com/security/cve/CVE-2024-21733 https://bugzilla.redhat.com/show_bug.cgi?id=2259204 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 https://www.ibm.com/support/pages/node/7107775 • CWE-257: Storing Passwords in a Recoverable Format •
CVE-2023-48354
https://notcve.org/view.php?id=CVE-2023-48354
In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 •
CVE-2023-48339
https://notcve.org/view.php?id=CVE-2023-48339
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 • CWE-862: Missing Authorization •
CVE-2023-7031 – Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. • https://support.avaya.com/css/public/documents/101088063 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •