CVE-2024-51770 – Hewlett Packard Enterprise AutoPass License Server XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-51770
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 5814 by default. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. •
CVE-2024-11961 – Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure
https://notcve.org/view.php?id=CVE-2024-11961
The manipulation of the argument request leads to information disclosure. ... Mit der Manipulation des Arguments request mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/dycccccccc/JEEWMS/blob/main/JEEWMS%20Shipper%20Information%20Leakage.docx https://vuldb.com/?ctiid.286343 https://vuldb.com/?id.286343 https://vuldb.com/?submit.445596 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2018-9377
https://notcve.org/view.php?id=CVE-2018-9377
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-06-01 • CWE-908: Use of Uninitialized Resource •
CVE-2024-53768 – WordPress Content Audit Exporter plugin <= 1.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-53768
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in IDE Interactive Content Audit Exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through 1.1. The Content Audit Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/content-audit-exporter/vulnerability/wordpress-content-audit-exporter-plugin-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2017-13321
https://notcve.org/view.php?id=CVE-2017-13321
This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-05-01 • CWE-125: Out-of-bounds Read •