CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-49201
https://notcve.org/view.php?id=CVE-2024-49201
18 Dec 2024 — Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. • https://github.com/Keyfactor/remote-file-orchestrator/releases/tag/2.8.1 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56142 – Path Traversal in pghoard
https://notcve.org/view.php?id=CVE-2024-56142
17 Dec 2024 — Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. • https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-m9hc-vxjj-4x6q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49816 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49816
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. • https://www.ibm.com/support/pages/node/7175067 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49820 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49820
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information<... • https://www.ibm.com/support/pages/node/7175067 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49819 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49819
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. • https://www.ibm.com/support/pages/node/7175067 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49818 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49818
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7175067 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49817 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49817
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7175067 • CWE-260: Password in Configuration File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26281 – Information disclosure vulnerability in Alarm clock module
https://notcve.org/view.php?id=CVE-2021-26281
17 Dec 2024 — Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. • https://www.vivo.com/en/support/security-advisory-detail?id=9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26279 – Information disclosure vulnerability in Weather module
https://notcve.org/view.php?id=CVE-2021-26279
17 Dec 2024 — Some parameters of the weather module are improperly stored, leaking some sensitive information. • https://www.vivo.com/en/support/security-advisory-detail?id=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12447 – Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
https://notcve.org/view.php?id=CVE-2024-12447
13 Dec 2024 — The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. • https://plugins.trac.wordpress.org/browser/get-post-content-shortcode/trunk/get-post-content-shortcode.php#L106 • CWE-639: Authorization Bypass Through User-Controlled Key •