CVE-2023-49795 – MindsDB Server-Side Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2023-49795
MindsDB connects artificial intelligence models to real time data. ... This can lead to limited information disclosure. • https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-6538 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
https://notcve.org/view.php?id=CVE-2023-6538
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. ... Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/51915 https://github.com/Arszilla/CVE-2023-6538 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data. • CWE-285: Improper Authorization •
CVE-2023-47722 – IBM API Connect information disclosure
https://notcve.org/view.php?id=CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. IBM API Connect V10.0.5.3 y V10.0.6.0 almacena las credenciales de usuario en la memoria caché del navegador que un usuario local puede leer. ID de IBM X-Force: 271912. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271912 https://www.ibm.com/support/pages/node/7087806 • CWE-522: Insufficiently Protected Credentials •
CVE-2023-50431
https://notcve.org/view.php?id=CVE-2023-50431
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. sec_attest_info en drivers/accel/habanalabs/common/habanalabs_ioctl.c en el kernel de Linux hasta 6.6.5 permite una fuga de información al espacio del usuario porque info->pad0 no está inicializado. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a9f07790a4b2250f0140e9a61c7f842fd9b618c7 https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html •
CVE-2023-6615 – Typecho manage-users.php information disclosure
https://notcve.org/view.php?id=CVE-2023-6615
The manipulation of the argument page leads to information disclosure. ... Durch die Manipulation des Arguments page mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md https://vuldb.com/?ctiid.247250 https://vuldb.com/?id.247250 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •