CVE-2022-35640 – IBM Sterling Partner Engagement Manager information disclosure
https://notcve.org/view.php?id=CVE-2022-35640
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230933 https://www.ibm.com/support/pages/node/7160300 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. • https://www.oracle.com/security-alerts/cpujul2024.html •
CVE-2024-6395 – GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys
https://notcve.org/view.php?id=CVE-2024-6395
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17 https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-6336 – Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure
https://notcve.org/view.php?id=CVE-2024-6336
A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-45449
https://notcve.org/view.php?id=CVE-2022-45449
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. • https://security-advisory.acronis.com/advisories/SEC-5279 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •