CVE-2024-41108 – FOG Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-41108
This data can only be retrieved if a task is pending on that host. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/service/hostinfo.php https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/service/hostname.php https://github.com/FOGProject/fogproject/security/advisories/GHSA-p3f9-4jj4-fm2g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-37135
https://notcve.org/view.php?id=CVE-2024-37135
DM5500 5.16.0.0, contains an information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities • CWE-256: Plaintext Storage of a Password •
CVE-2024-39379 – Acrobat for Edge | Out-of-bounds Read (CWE-125)
https://notcve.org/view.php?id=CVE-2024-39379
An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 • CWE-125: Out-of-bounds Read •
CVE-2024-41916 – Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
https://notcve.org/view.php?id=CVE-2024-41916
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •
CVE-2022-33167 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 https://www.ibm.com/support/pages/node/7161469 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •