CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31001 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31001
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) almacena temporalmente información confidencial en archivos a los que un usuario local podría acceder. ID de IBM X-Force: 254653. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254653 https://www.ibm.com/support/pages/node/7106586 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52331 – Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52331
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-052 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42934
https://notcve.org/view.php?id=CVE-2023-42934
An information disclosure issue was addressed by removing the vulnerable code. • https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47171
https://notcve.org/view.php?id=CVE-2023-47171
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869 • CWE-73: External Control of File Name or Path •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49864
https://notcve.org/view.php?id=CVE-2023-49864
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •