CVE-2023-6505 – Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6505
This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes. • https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-48333 – WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-48333
The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_atts() function in all versions up to, and including, 7.1.1. • https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2021-39008 – IBM QRadar WinCollect Agent information disclosure
https://notcve.org/view.php?id=CVE-2021-39008
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551. IBM QRadar WinCollect Agent 10.0 a 10.1.7 podría permitir que un usuario privilegiado obtenga información confidencial debido a la falta de mejores prácticas. ID de IBM X-Force: 213551. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213551 https://www.ibm.com/support/pages/node/7081403 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-43123 – Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
https://notcve.org/view.php?id=CVE-2023-43123
As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. • http://www.openwall.com/lists/oss-security/2023/11/23/1 https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-6136 – WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6136
The Debug Log Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_log() function hooked via AJAX in all versions up to, and including, 2.2.1. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •