CVE-2023-5714 – System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)
https://notcve.org/view.php?id=CVE-2023-5714
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. • https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L2942 https://plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L2949 https://www.wordfence.com/threat-intel/vulnerabilities/id/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=cve • CWE-862: Missing Authorization •
CVE-2023-44297
https://notcve.org/view.php?id=CVE-2023-44297
An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, and denial of service. • https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability • CWE-667: Improper Locking CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks •
CVE-2023-44295
https://notcve.org/view.php?id=CVE-2023-44295
A low-privilege attacker could potentially exploit this vulnerability, leading to loss of information and information disclosure. • https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-664: Improper Control of a Resource Through its Lifetime •
CVE-2023-28586 – Improper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OS
https://notcve.org/view.php?id=CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-5808 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.
https://notcve.org/view.php?id=CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. • https://github.com/Arszilla/CVE-2023-5808 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data. • CWE-285: Improper Authorization CWE-287: Improper Authentication •