
CVE-2024-40697 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2024-40697
13 Aug 2024 — IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 • CWE-521: Weak Password Requirements •

CVE-2024-41736 – Information Disclosure vulnerability in SAP Permit to Work
https://notcve.org/view.php?id=CVE-2024-41736
13 Aug 2024 — Under certain conditions, SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted, causing low impact on the confidentiality of the application. • https://me.sap.com/notes/3475427 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-41737 – Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)
https://notcve.org/view.php?id=CVE-2024-41737
13 Aug 2024 — On successful exploitation, this can result in information disclosure. • https://me.sap.com/notes/3487537 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-41733 – Information Disclosure Vulnerability in SAP Commerce
https://notcve.org/view.php?id=CVE-2024-41733
13 Aug 2024 — In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn whether a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality is therefore low, and there is no impact on integrity or availability. • https://me.sap.com/notes/3471450 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-33003 – Information Disclosure Vulnerability in SAP Commerce Cloud
https://notcve.org/view.php?id=CVE-2024-33003
13 Aug 2024 — Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. • https://me.sap.com/notes/3459935 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-7722 – Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7722
13 Aug 2024 — Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. • https://www.zerodayinitiative.com/advisories/ZDI-24-1124 • CWE-416: Use After Free •

CVE-2024-34125 – ZDI-CAN-24027: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-34125
13 Aug 2024 — Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. • https://helpx.adobe.com/security/products/dimension/apsb24-47.html • CWE-125: Out-of-bounds Read •

CVE-2024-34126 – ZDI-CAN-24028: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-34126
13 Aug 2024 — Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. • https://helpx.adobe.com/security/products/dimension/apsb24-47.html • CWE-125: Out-of-bounds Read •

CVE-2024-39387 – ZDI-CAN-24047: Adobe Bridge AVI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-39387
13 Aug 2024 — Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. • https://helpx.adobe.com/security/products/bridge/apsb24-59.html • CWE-125: Out-of-bounds Read •

CVE-2024-41833 – ZDI-CAN-24310: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-41833
13 Aug 2024 — Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-125: Out-of-bounds Read •