CVE-2023-46662 – Improper Access Control in Sielco PolyEco1000
https://notcve.org/view.php?id=CVE-2023-46662
Sielco PolyEco1000 is affected by an information disclosure vulnerability due to improper access control enforcement. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 • CWE-284: Improper Access Control •
CVE-2023-33558
https://notcve.org/view.php?id=CVE-2023-33558
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. • https://github.com/ninj4c0d3r/OcoMon-Research https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-42856 – Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42856
Crafted data in an ABC image can trigger a read past the end of an allocated buffer. • http://seclists.org/fulldisclosure/2023/Oct/21 http://seclists.org/fulldisclosure/2023/Oct/24 http://seclists.org/fulldisclosure/2023/Oct/26 https://support.apple.com/en-us/HT213983 https://support.apple.com/en-us/HT213984 https://support.apple.com/en-us/HT213985 https://support.apple.com/kb/HT213983 https://support.apple.com/kb/HT213984 https://support.apple.com/kb/HT213985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-46125 – Fides Information Disclosure Vulnerability in Config API Endpoint
https://notcve.org/view.php?id=CVE-2023-46125
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. ... The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports and database username. • https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06 https://github.com/ethyca/fides/releases/tag/2.22.1 https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •