CVE-2023-38363 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-38363
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. [PROBLEMTYPE] en [COMPONENT] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite que [ATTACKER] [IMPACT] a través de [VECTOR] • https://exchange.xforce.ibmcloud.com/vulnerabilities/260818 https://www.ibm.com/support/pages/node/7067987 •
CVE-2023-6076 – PHPGurukul Restaurant Table Booking System Reservation Status booking-details.php information disclosure
https://notcve.org/view.php?id=CVE-2023-6076
The manipulation of the argument bid leads to information disclosure. ... Durch Manipulieren des Arguments bid mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.244945 https://vuldb.com/?id.244945 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-5545 – Moodle: auto-populated h5p author name causes a potential information leak
https://notcve.org/view.php?id=CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information. Los metadatos de H5P completaron automáticamente al autor con el nombre de usuario del usuario, que podría ser información confidencial. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820 https://bugzilla.redhat.com/show_bug.cgi?id=2243444 https://moodle.org/mod/forum/discuss.php?d=451586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-5079
https://notcve.org/view.php?id=CVE-2023-5079
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. • https://iknow.lenovo.com.cn/detail/418253? • CWE-20: Improper Input Validation •
CVE-2023-5136 – Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
https://notcve.org/view.php?id=CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. • https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html • CWE-611: Improper Restriction of XML External Entity Reference CWE-732: Incorrect Permission Assignment for Critical Resource •