CVE-2023-45189 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-45189
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. Una vulnerabilidad en IBM Robotic Process Automation e IBM Robotic Process Automation para Cloud Pak 21.0.0 a 21.0.7.10, 23.0.0 a 23.0.10 puede provocar acceso a las credenciales de la bóveda del cliente. Esta vulnerabilidad difícil de explotar podría permitir que un atacante con pocos privilegios acceda mediante programación a las credenciales de la bóveda del cliente. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268752 https://www.ibm.com/support/pages/node/7065204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-31017
https://notcve.org/view.php?id=CVE-2023-31017
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2023-31016
https://notcve.org/view.php?id=CVE-2023-31016
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-43087
https://notcve.org/view.php?id=CVE-2023-43087
A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. • https://www.dell.com/support/kbdoc/en-us/000218934/powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-39053
https://notcve.org/view.php?id=CVE-2023-39053
An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39053.md https://liff.line.me/1657507029-eDjDJQ68 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •