CVE-2023-52290 – Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability
https://notcve.org/view.php?id=CVE-2023-52290
The attacker must successfully log into the system to launch an attack, which may cause data leakage. • https://lists.apache.org/thread/t3mcm8pb65d9gj3wrgtj9sx9s2pfvvl3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-40630 – HEIF Heap OOB Read in OpenImageIO
https://notcve.org/view.php?id=CVE-2024-40630
In the worst case, this can lead to an information disclosure vulnerability, particularly for programs that directly use the `ImageInput` APIs. • https://github.com/AcademySoftwareFoundation/OpenImageIO/blob/7c486a1121a4bf71d50ff555fab2770294b748d7/src/heif.imageio/heifinput.cpp#L250 https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/0a2dcb4cf2c3fd4825a146cd3ad929d9d8305ce3 https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jjm9-9m4m-c8p2 • CWE-125: Out-of-bounds Read •
CVE-2024-39826 – Zoom Workplace Apps and SDKs - Path traversal
https://notcve.org/view.php?id=CVE-2024-39826
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-24023 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-6398
https://notcve.org/view.php?id=CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. ... Any information disclosed depends on how the customers have customized the block pages. • https://thrive.trellix.com/s/article/000013694 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-39740 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39740
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296009 https://www.ibm.com/support/pages/node/7160185 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •