CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33855 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2023-33855
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676. Bajo ciertas condiciones, las operaciones RSA realizadas por IBM Common Cryptographic Architecture (CCA) 7.0.0 a 7.5.36 pueden exhibir un comportamiento de tiempo no constante. Esto podría permitir que un atacante remoto obtenga información confidencial mediante un ataque basado en tiempo. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257676 https://www.ibm.com/support/pages/node/7145168 • CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30233 – WordPress WholesaleX plugin <= 1.3.1 - Sensitive Data Exposure on User Export vulnerability
https://notcve.org/view.php?id=CVE-2024-30233
This makes it possible for authenticated attackers, with access to the admin dashboard (Subscribers, though with WooCommerce installed this would be limited to contributors by default) to extract sensitive data including lists of users. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2261 – Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-2261
This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. • https://plugins.trac.wordpress.org/changeset?old_path=/event-tickets/tags/5.8.2&old=3059268&new_path=/event-tickets/tags/5.8.3&new=3059268&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/2e42dd1c-adf7-471a-a14a-9038c56413a2?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2024-29059 – .NET Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29059
.NET Framework Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de .NET Framework • https://github.com/codewhitesec/HttpRemotingObjRefLeak https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32751 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32751
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. IBM Security Verify Directory 10.0.0 podría revelar información confidencial del servidor que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 228437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 https://www.ibm.com/support/pages/node/7145001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •