CVE-2023-34344 – A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username
https://notcve.org/view.php?id=CVE-2023-34344
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-203: Observable Discrepancy
CVE-2023-3139 – Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
https://notcve.org/view.php?id=CVE-2023-3139
The Protect WP Admin plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 3.8. This is due to a data leak when performing a redirect after processing a crafted request. • https://magos-securitas.com/txt/CVE-2023-3139.txt https://wpscan.com/vulnerability/f8a29aee-19cd-4e62-b829-afc9107f69bd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-32731 – Information leak in gRPC
https://notcve.org/view.php?id=CVE-2023-32731
If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. • https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/33005 • CWE-440: Expected Behavior Violation
CVE-2023-3141 – kernel: Use after free bug in r592_remove
https://notcve.org/view.php?id=CVE-2023-3141
This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. ... This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t https://security.netapp.com/advisory/ntap-20230706-0004 https://access.redhat.com • CWE-416: Use After Free
CVE-2023-33847 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33847
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257102 https://www.ibm.com/support/pages/node/7001635 https://www.ibm.com/support/pages/node/7001641 https://www.ibm.com/support/pages/node/7001645