CVE-2024-20457 – Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20457
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. ... A successful exploit could allow the attacker to access sensitive information from the device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-20445 – Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20445
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. ... A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records. Note: Web Access is disabled by default. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-10916 – D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
https://notcve.org/view.php?id=CVE-2024-10916
The manipulation leads to information disclosure. ... Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVE-2024-6861 – Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
https://notcve.org/view.php?id=CVE-2024-6861
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. • https://access.redhat.com/errata/RHSA-2022:8506 https://access.redhat.com/security/cve/CVE-2024-6861 https://bugzilla.redhat.com/show_bug.cgi?id=2317450 https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2 https://projects.theforeman.org/issues/34328 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-49773 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
https://notcve.org/view.php?id=CVE-2024-49773
Allows for Information disclosure, including personally identifiable information. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-5hr4-r43c-6qf7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •