CVE-2023-2446 – UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode
https://notcve.org/view.php?id=CVE-2023-2446
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. ... WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-36013 – PowerShell Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36013
PowerShell Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013 • CWE-668: Exposure of Resource to Wrong Sphere CWE-798: Use of Hard-coded Credentials •
CVE-2023-46705 – Arkruntime has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2023-46705
in OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a system information leak through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-38361 – IBM CICS TX Advanced information disclosure
https://notcve.org/view.php?id=CVE-2023-38361
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260770 https://www.ibm.com/support/pages/node/7066431 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2020-11447
https://notcve.org/view.php?id=CVE-2020-11447
Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. • https://0xem.ma/posts/HH3K-CVE https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •