CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-4499
https://notcve.org/view.php?id=CVE-2023-4499
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. • https://support.hp.com/us-en/document/ish_9440593-9440618-16 • CWE-295: Improper Certificate Validation •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40682 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. IBM App Connect Enterprise versiones 12.0.1.0 a la 12.0.8.0 contiene una vulnerabilidad no especificada que podría permitir a un usuario local privilegiado obtener información confidencial de los registros de API. ID de IBM X-Force: 263833. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263833 https://www.ibm.com/support/pages/node/7051204 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29464 – Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure
https://notcve.org/view.php?id=CVE-2023-29464
Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141040 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 380EXPL: 0CVE-2023-4562 – Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-4562
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. Vulnerabilidad de autenticación incorrecta en los módulos principales de la serie MELSEC-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado obtenga programas de secuencia del producto o escriba programas de secuencia maliciosos o datos inadecuados en el producto sin autenticación mediante el envío de mensajes ilegítimos. • https://jvn.jp/vu/JVNVU90509290 https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45834 – WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-45834
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Libsyn Libsyn Publisher Hub. Este problema afecta a Libsyn Publisher Hub: desde n/a hasta 1.4.4. The Libsyn Publisher Hub plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •