CVE-2024-46544 – Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
https://notcve.org/view.php?id=CVE-2024-46544
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. ... An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service. • https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d https://access.redhat.com/security/cve/CVE-2024-46544 https://bugzilla.redhat.com/show_bug.cgi?id=2314194 • CWE-276: Incorrect Default Permissions
CVE-2024-40703 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2024-40703
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. • https://www.ibm.com/support/pages/node/7160700 https://www.ibm.com/support/pages/node/7168038 • CWE-522: Insufficiently Protected Credentials
CVE-2024-6786 – MXview One Series vulnerable to Path Traversal
https://notcve.org/view.php?id=CVE-2024-6786
This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-24: Path Traversal: '../filedir'
CVE-2024-8612 – Qemu-kvm: information leak in virtio devices
https://notcve.org/view.php?id=CVE-2024-8612
Some uninitialized data may exist in the bounce.buffer, leading to an information leak. • https://access.redhat.com/security/cve/CVE-2024-8612 https://bugzilla.redhat.com/show_bug.cgi?id=2313760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-47087 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47087
An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body, leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor