CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46544 – Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
https://notcve.org/view.php?id=CVE-2024-46544
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. ... An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service. • https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d https://access.redhat.com/security/cve/CVE-2024-46544 https://bugzilla.redhat.com/show_bug.cgi?id=2314194 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40703 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2024-40703
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. • https://www.ibm.com/support/pages/node/7160700 https://www.ibm.com/support/pages/node/7168038 • CWE-522: Insufficiently Protected Credentials •
CVSS: 3.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8612 – Qemu-kvm: information leak in virtio devices
https://notcve.org/view.php?id=CVE-2024-8612
The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. • https://access.redhat.com/security/cve/CVE-2024-8612 https://bugzilla.redhat.com/show_bug.cgi?id=2313760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47087 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47087
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46979 – Data leak of notification filters of users in XWiki Platform
https://notcve.org/view.php?id=CVE-2024-46979
The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. ... The patch consists in checking the rights of the user when sending the data. • https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w https://jira.xwiki.org/browse/XWIKI-20336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •