CVE-2024-31916 – IBM OpenBMC information disclosure
https://notcve.org/view.php?id=CVE-2024-31916
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290026 https://www.ibm.com/support/pages/node/7158679 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-30430 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-30430
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-37270 – WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37270
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/vendor/wordpress-trustedlogin-vendor-plugin-1-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-37141
https://notcve.org/view.php?id=CVE-2024-37141
A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-28973
https://notcve.org/view.php?id=CVE-2024-28973
A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de Cross-Site Scripting Almacenado. • https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •