CVE-2023-38275 – IBM Cognos Dashboards information disclosure
https://notcve.org/view.php?id=CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260735 https://www.ibm.com/support/pages/node/7031207 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-34044 – Information disclosure vulnerability in bluetooth device-sharing functionality
https://notcve.org/view.php?id=CVE-2023-34044
VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-125: Out-of-bounds Read
CVE-2023-4601 – Stack-based Buffer Overflow in NI System Configuration Software
https://notcve.org/view.php?id=CVE-2023-4601
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. ... Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of response data from devices. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write
CVE-2023-35656
https://notcve.org/view.php?id=CVE-2023-35656
This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-10-01 • CWE-125: Out-of-bounds Read
CVE-2022-43891 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2022-43891
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240454 https://www.ibm.com/support/pages/node/7047202 • CWE-209: Generation of Error Message Containing Sensitive Information