CVE-2024-4319 – Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4319
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms. • https://plugins.trac.wordpress.org/browser/advanced-cf7-db/trunk/admin/class-advanced-cf7-db-admin.php#L1459 https://www.wordfence.com/threat-intel/vulnerabilities/id/2c66b185-fd4b-452d-890b-0f1850d8a7be?source=cve • CWE-862: Missing Authorization
CVE-2024-36405 – Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
https://notcve.org/view.php?id=CVE-2024-36405
As a possible workaround, some compiler options may produce vectorized code that does not leak secret information; however, relying on these compiler options as a workaround may not be reliable. • https://github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c#L166 https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91 https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c • CWE-208: Observable Timing Discrepancy CWE-385: Covert Timing Channel
CVE-2023-4458 – Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-4458
An attacker can leverage this to disclose sensitive information on affected installations of Linux. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-4458 https://bugzilla.redhat.com/show_bug.cgi?id=2325516 https://www.zerodayinitiative.com/advisories/ZDI-24-590 • CWE-125: Out-of-bounds Read
CVE-2023-39176 – Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39176
An attacker can leverage this to disclose sensitive information on affected installations of Linux. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-39176 https://bugzilla.redhat.com/show_bug.cgi?id=2326503 https://www.zerodayinitiative.com/advisories/ZDI-24-586 • CWE-125: Out-of-bounds Read
CVE-2023-39179 – Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39179
An attacker can leverage this to disclose sensitive information on affected installations of Linux. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-39179 https://bugzilla.redhat.com/show_bug.cgi?id=2326529 https://www.zerodayinitiative.com/advisories/ZDI-24-586 • CWE-125: Out-of-bounds Read