CVE-2024-39379 – Acrobat for Edge | Out-of-bounds Read (CWE-125)
https://notcve.org/view.php?id=CVE-2024-39379
An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 • CWE-125: Out-of-bounds Read •
CVE-2024-41916 – Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
https://notcve.org/view.php?id=CVE-2024-41916
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •
CVE-2022-33167 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 https://www.ibm.com/support/pages/node/7161469 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVE-2024-5486 – Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
https://notcve.org/view.php?id=CVE-2024-5486
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •
CVE-2024-41944 – Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report
https://notcve.org/view.php?id=CVE-2024-41944
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/c60cfd8727da77b9db10297148eadd697ebec353.patch https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-v6q4-h869-gm3r https://xibosignage.com/blog/security-advisory-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •