CVE-2023-40073
https://notcve.org/view.php?id=CVE-2023-40073
This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/fe6fef4f9c1f75c12bffa4a1d16d9990cc3fbc35 https://source.android.com/security/bulletin/2023-12-01 •
CVE-2023-35668
https://notcve.org/view.php?id=CVE-2023-35668
This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/b7bd7df91740da680a5c3a84d8dd91b4ca6956dd https://source.android.com/security/bulletin/2023-12-01 •
CVE-2023-21227
https://notcve.org/view.php?id=CVE-2023-21227
In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. This could lead to local information disclosure in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-12-01 •
CVE-2023-49280 – Data leak of password hash through xwiki change request
https://notcve.org/view.php?id=CVE-2023-49280
XWiki Change Request is an XWiki application that allows users to request changes on a wiki without publishing the changes directly. By default, Change Request allows any page to be edited, and the changes are then exported to an XML file that anyone can download. An attacker can therefore obtain users' password hashes by performing an edit on the user profiles and then downloading the XML file that has been created. The same applies to any document that might contain a password field and that a user can view. This vulnerability impacts all versions of Change Request, but the impact depends on the rights that have been set on the wiki, since it requires the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. • https://github.com/xwiki-contrib/application-changerequest/commit/ff0f5368ea04f0e4aa7b33821c707dc68a8c5ca8 https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-2fr7-cc7p-p45q https://jira.xwiki.org/browse/CRAPP-302 • CWE-522: Insufficiently Protected Credentials •
CVE-2023-6460 – Information leak in nodejs-firestore
https://notcve.org/view.php?id=CVE-2023-6460
Potential logging of the Firestore key exists within nodejs-firestore: developers who were logging objects through this._settings would be logging the Firestore key as well, potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue. • https://github.com/googleapis/nodejs-firestore/pull/1742 • CWE-532: Insertion of Sensitive Information into Log File CWE-922: Insecure Storage of Sensitive Information •