CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37395 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37395
11 Dec 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. • https://www.ibm.com/support/pages/node/7148632 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35117 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-35117
11 Dec 2024 — IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. • https://www.ibm.com/support/pages/node/7165392 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54279 – WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-54279
11 Dec 2024 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. The WP-NERD Toolkit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. • https://patchstack.com/database/wordpress/plugin/wp-nerd-toolkit/vulnerability/wordpress-wp-nerd-toolkit-plugin-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54309 – WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-54309
11 Dec 2024 — Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through 1.0.4. • https://patchstack.com/database/wordpress/plugin/postbox-email-logs/vulnerability/wordpress-postbox-plugin-1-0-4-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12548 – Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12548
11 Dec 2024 — Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. • https://www.zerodayinitiative.com/advisories/ZDI-24-1680 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12550 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12550
11 Dec 2024 — Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. • https://www.zerodayinitiative.com/advisories/ZDI-24-1678 • CWE-125: Out-of-bounds Read •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53246 – Sensitive Information Disclosure through SPL commands
https://notcve.org/view.php?id=CVE-2024-53246
10 Dec 2024 — In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. • https://advisory.splunk.com/advisories/SVD-2024-1204 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53243 – Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway
https://notcve.org/view.php?id=CVE-2024-53243
10 Dec 2024 — In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. • https://advisory.splunk.com/advisories/SVD-2024-1201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53245 – Information Disclosure due to Username Collision with a Role that has the same Name as the User
https://notcve.org/view.php?id=CVE-2024-53245
10 Dec 2024 — In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. • https://advisory.splunk.com/advisories/SVD-2024-1203 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-49082 – Windows File Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-49082
10 Dec 2024 — Windows File Explorer Information Disclosure Vulnerability This vulnerability allows remote attackers to delete arbitrary files or disclose sensitive information on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to delete files or disclose information in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •