
CVSS: 8.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.
• https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely.
• https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY
• https://vuldb.com/?ctiid.249504
• https://vuldb.com/?id.249504
• CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

CVSS: 5.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
• https://access.redhat.com/errata/RHSA-2024:2962
• https://access.redhat.com/security/cve/CVE-2023-6693
• https://bugzilla.redhat.com/show_bug.cgi?id=2254580
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y
• https://security.netapp.com/advisory/ntap-20240208-0004
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 7.6 | EPSS: 0% | CPEs: 74 | EXPL: 0

Information disclosure in Core services while processing a Diag command.
• https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin
• CWE-20: Improper Input Validation

CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. ... This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
• https://github.com/follow-redirects/follow-redirects/issues/235
• https://github.com/follow-redirects/follow-redirects/pull/236
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM
• https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
• https://access.redhat.com/security/cve/CVE-2023-26159
• https://bugzilla.redhat.com/show_bug.cgi?id=2256413
• CWE-20: Improper Input Validation
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')