CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9256 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9256
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-24-1309 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23454 – Apache Hadoop: Temporary File Local Information Disclosure
https://notcve.org/view.php?id=CVE-2024-23454
If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. • https://issues.apache.org/jira/browse/HADOOP-19031 https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-25189
https://notcve.org/view.php?id=CVE-2023-25189
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH. • https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25189 • CWE-863: Incorrect Authorization •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43845 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43845
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://www.ibm.com/support/pages/node/7169766 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46544 – Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
https://notcve.org/view.php?id=CVE-2024-46544
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. ... An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service. • https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d https://access.redhat.com/security/cve/CVE-2024-46544 https://bugzilla.redhat.com/show_bug.cgi?id=2314194 • CWE-276: Incorrect Default Permissions •