CVE-2023-46705 – Arkruntime has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2023-46705
Arkruntime in OpenHarmony v3.2.2 and prior versions allows a local attacker to cause a system information leak through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-38361 – IBM CICS TX Advanced information disclosure
https://notcve.org/view.php?id=CVE-2023-38361
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260770 https://www.ibm.com/support/pages/node/7066431 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2020-11447
https://notcve.org/view.php?id=CVE-2020-11447
Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. • https://0xem.ma/posts/HH3K-CVE https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-6121 – Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get
https://notcve.org/view.php?id=CVE-2023-6121
This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6121 https://bugzilla.redhat.com/show_bug.cgi?id=2250043 https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-125: Out-of-bounds Read •
CVE-2023-6105 – ManageEngine Information Disclosure in Multiple Products
https://notcve.org/view.php?id=CVE-2023-6105
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html https://www.tenable.com/security/research/tra-2023-35 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •