CVE-2024-37896 – SQL injection vulnerability in Gin-vue-admin
https://notcve.org/view.php?id=CVE-2024-37896
This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. • https://github.com/flipped-aurora/gin-vue-admin/commit/53d03382188868464ade489ab0713b54392d227f https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gf3r-h744-mqgp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-31870 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31870
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. IBM Db2 para i 7.2, 7.3, 7.4 y 7.5 proporciona una función de tabla definida por el usuario que es vulnerable a la enumeración de usuarios por parte de un atacante local autenticado, sin tener autoridad sobre los objetos *USRPRF relacionados. Esto puede ser utilizado por un actor malintencionado para recopilar información sobre los usuarios que pueden ser objeto de futuros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287174 https://www.ibm.com/support/pages/node/7157638 • CWE-204: Observable Response Discrepancy •
CVE-2024-27163 – Leak of admin password and passwords
https://notcve.org/view.php?id=CVE-2024-27163
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-27157 – Leak of authentication sessions in secure logs
https://notcve.org/view.php?id=CVE-2024-27157
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. Las sesiones se almacenan en registros de texto plano. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-27156 – Leak of authentication sessions in secure logs
https://notcve.org/view.php?id=CVE-2024-27156
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. Las cookies de sesión, utilizadas para la autenticación, se almacenan en registros de texto plano. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •