CVE-2024-7418 – The Post Grid <= 7.7.11 - Authenticated (Contributor+) Information Disclosure
https://notcve.org/view.php?id=CVE-2024-7418
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..). • https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-22509 – Handling of sensitive data in process memory in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22509
This issue can lead to leakage of sensitive data to unauthorized user. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-22529 – Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22529
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-39745 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39745
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7166195 https://exchange.xforce.ibmcloud.com/vulnerabilities/297312 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-39746 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39746
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7166018 https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 • CWE-311: Missing Encryption of Sensitive Data •