CVE-2024-0569 – Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure
https://notcve.org/view.php?id=CVE-2024-0569
The manipulation of the argument ssid/key leads to information disclosure. ... Manipulating the argument ssid/key with unknown data can be used to exploit an information disclosure vulnerability. • https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing https://vuldb.com/?ctiid.250785 https://vuldb.com/?id.250785 https://vuldb.com/?submit.263653 https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84 https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2024-0553 – GnuTLS: incomplete fix for CVE-2023-5981
https://notcve.org/view.php?id=CVE-2024-0553
This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVE-2023-6592 – FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6592
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files. The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.9. This makes it possible for unauthenticated attackers to obtain exports that include sensitive information such as user password hashes. • https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-22154 – WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22154
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-0490 – Huaxia ERP getAllList information disclosure
https://notcve.org/view.php?id=CVE-2024-0490
The manipulation leads to information disclosure. ... Manipulation with unknown data can be used to exploit an information disclosure vulnerability. • https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md https://vuldb.com/?ctiid.250595 https://vuldb.com/?id.250595 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •