CVE-2024-38747 – WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-38747
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3. The HitPay Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.3 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/hitpay-payment-gateway/wordpress-hitpay-payment-gateway-for-woocommerce-plugin-4-1-3-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-6235 – Sensitive information disclosure
https://notcve.org/view.php?id=CVE-2024-6235
Sensitive information disclosure in NetScaler Console Divulgación de información confidencial en NetScaler Console • https://support.citrix.com/article/CTX677998 • CWE-287: Improper Authentication •
CVE-2024-6646 – Netgear WN604 Web Interface downloadFile.php information disclosure
https://notcve.org/view.php?id=CVE-2024-6646
The manipulation of the argument file with the input config leads to information disclosure. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ... Dank Manipulation des Arguments file mit der Eingabe config mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/inviewp/CVE-2024-6646 https://github.com/mikutool/vul/issues/1 https://vuldb.com/?ctiid.271052 https://vuldb.com/?id.271052 https://vuldb.com/?submit.367382 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-33860 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2023-33860
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702. IBM Security QRadar EDR 3.12 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257702 https://www.ibm.com/support/pages/node/7159770 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVE-2023-33859 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2023-33859
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257697 https://www.ibm.com/support/pages/node/7159770 • CWE-204: Observable Response Discrepancy •