CVE-2023-43123 – Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
https://notcve.org/view.php?id=CVE-2023-43123
As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. • http://www.openwall.com/lists/oss-security/2023/11/23/1 https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-6136 – WordPress Debug Log Manager Plugin <= 2.3.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6136
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.0. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_log() function hooked via AJAX in all versions up to, and including, 2.2.1. This makes it possible for attackers, with subscriber-level access and above, to clear the debug logs. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2023-48288 – WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.1 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-48288
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. Este problema afecta a WordPress Job Board and Recruitment Plugin – JobWP: desde n/a hasta 2.1. The WordPress Job Board and Recruitment Plugin – JobWP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to extract sensitive user data via resumes. • https://patchstack.com/database/vulnerability/jobwp/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-25682 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-25682
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.1 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 247034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247034 https://www.ibm.com/support/pages/node/7080172 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-6264
https://notcve.org/view.php?id=CVE-2023-6264
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. • https://devolutions.net/security/advisories/DEVO-2023-0020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •