
CVE-2024-9256 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9256
26 Sep 2024 — Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •

CVE-2024-23454 – Apache Hadoop: Temporary File Local Information Disclosure
https://notcve.org/view.php?id=CVE-2024-23454
25 Sep 2024 — Apache Hadoop’s RunJar.run() does not set permissions for the temporary directory by default. If sensitive data is present in this file, all other local users may be able to view the content. This is because, on Unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct POSIX permissions explicitly, may be viewable by all other local users. • https://issues.apache.org/jira/browse/HADOOP-19031 • CWE-269: Improper Privilege Management •

CVE-2023-25189
https://notcve.org/view.php?id=CVE-2023-25189
25 Sep 2024 — BTS is affected by an information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of their access privileges, are able to read BTS service operation details performed by Nokia Care service personnel via SSH. • https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25189 • CWE-863: Incorrect Authorization •

CVE-2022-43845 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43845
24 Sep 2024 — IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://www.ibm.com/support/pages/node/7169766 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVE-2024-46544 – Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
https://notcve.org/view.php?id=CVE-2024-46544
23 Sep 2024 — Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. ... An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service. ... Issues address... • https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d • CWE-276: Incorrect Default Permissions •

CVE-2023-42619 – Gentoo Linux Security Advisory 202409-20
https://notcve.org/view.php?id=CVE-2023-42619
23 Sep 2024 — Please review the referenced CVE identifiers for details. Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. •

CVE-2024-40703 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2024-40703
22 Sep 2024 — IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. • https://www.ibm.com/support/pages/node/7160700 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-6786 – MXview One Series vulnerable to Path Traversal
https://notcve.org/view.php?id=CVE-2024-6786
21 Sep 2024 — This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series • CWE-24: Path Traversal: '../filedir' •

CVE-2024-8612 – Qemu-kvm: information leak in virtio devices
https://notcve.org/view.php?id=CVE-2024-8612
20 Sep 2024 — Some uninitialized data may exist in the bounce.buffer, leading to an information leak. • https://access.redhat.com/security/cve/CVE-2024-8612 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-47087 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47087
19 Sep 2024 — An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •