CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-38133 – webkitgtk: disclose sensitive information
https://notcve.org/view.php?id=CVE-2023-38133
A flaw was found in WebKitGTK, which exists due to excessive data output in WebKit Process Model. This issue occurs when processing malicious web content, which may lead to sensitive information disclosure to unauthorized attackers. • http://www.openwall.com/lists/oss-security/2023/08/02/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213841 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 145EXPL: 1CVE-2023-20593 – hw: amd: Cross-Process Information Leak
https://notcve.org/view.php?id=CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/24/3 http://www.openwall.com/lists/oss-security/2023/07/25/1 http://www.openwall.com/lists/oss-security/2023/07/25/12 http://www.openwall.com/lists/oss-security/2023/07/25/13 http://www.openwall.com/lists/oss-security/2023/07/25/14 http://www.openwall.com/lists/oss-security/2023/07/25/15 http://www.openwall.com/lists/oss-security/2023/07/25/1 • CWE-1239: Improper Zeroization of Hardware Register •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3863 – Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c
https://notcve.org/view.php?id=CVE-2023-3863
This flaw allows a local user with special privileges to impact a kernel information leak issue. • https://access.redhat.com/security/cve/CVE-2023-3863 https://bugzilla.redhat.com/show_bug.cgi?id=2225126 https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240202-0002 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3601 – Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR
https://notcve.org/view.php?id=CVE-2023-3601
The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. • https://wpscan.com/vulnerability/c0cc513e-c306-4920-9afb-e33d95a7292f • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0CVE-2023-26301
https://notcve.org/view.php?id=CVE-2023-26301
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. • https://support.hp.com/us-en/document/ish_8746769-8746795-16/hpsbpi03855 • CWE-862: Missing Authorization •