CVE-2023-32819
https://notcve.org/view.php?id=CVE-2023-32819
In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2023 •
CVE-2023-44150 – WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44150
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. • https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-0989 – Improper Ownership Management in GitLab
https://notcve.org/view.php?id=CVE-2023-0989
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user into visiting a fork with a malicious CI/CD configuration. • https://gitlab.com/gitlab-org/gitlab/-/issues/417275 https://hackerone.com/reports/1875515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-282: Improper Ownership Management •
CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39194 https://bugzilla.redhat.com/show_bug.cgi?id=2226788 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111 • CWE-125: Out-of-bounds Read •
CVE-2023-42112 – PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42112
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.tracker-software.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-1485 • CWE-125: Out-of-bounds Read •