
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Aug 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Aug 2024 — Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Jul 2024 — The manipulation leads to information disclosure. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ... Manipulation with unknown data allows an information disclosure vulnerability to be exploited. • https://vuldb.com/?ctiid.273251 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — The hostinfo page has missing/improper access control since only the host's MAC address is required to obtain the configuration information. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/service/hostinfo.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. • https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities • CWE-256: Plaintext Storage of a Password •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. ... Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 • CWE-125: Out-of-bounds Read •

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jul 2024 — Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/c60cfd8727da77b9db10297148eadd697ebec353.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •