CVE-2023-5247
https://notcve.org/view.php?id=CVE-2023-5247
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. • https://jvn.jp/vu/JVNVU93383160 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-016_en.pdf • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-44989 – WordPress CF7 Google Sheets Connector plugin <= 5.0.5 - Sensitive Data Exposure via Debug Log vulnerability
https://notcve.org/view.php?id=CVE-2023-44989
This makes it possible for unauthenticated attackers to extract sensitive data. • https://patchstack.com/database/vulnerability/cf7-google-sheets-connector/wordpress-cf7-google-sheets-connector-plugin-5-0-5-sensitive-data-exposure-via-debug-log-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-49693 – NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol
https://notcve.org/view.php?id=CVE-2023-49693
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. • https://kb.netgear.com/000065886/Security-Advisory-for-Sensitive-Information-Disclosure-on-the-NMS300-PSV-2023-0126 https://www.tenable.com/security/research/tra-2023-39 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-42539
https://notcve.org/view.php?id=CVE-2022-42539
Information disclosure • https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 •
CVE-2023-42505 – Apache Superset: Sensitive information disclosure on db connection details
https://notcve.org/view.php?id=CVE-2023-42505
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0. • http://www.openwall.com/lists/oss-security/2023/11/28/5 https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •