CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40682 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. IBM App Connect Enterprise versiones 12.0.1.0 a la 12.0.8.0 contiene una vulnerabilidad no especificada que podría permitir a un usuario local privilegiado obtener información confidencial de los registros de API. ID de IBM X-Force: 263833. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263833 https://www.ibm.com/support/pages/node/7051204 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29464 – Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure
https://notcve.org/view.php?id=CVE-2023-29464
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141040 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 380EXPL: 0CVE-2023-4562 – Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
https://notcve.org/view.php?id=CVE-2023-4562
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. • https://jvn.jp/vu/JVNVU90509290 https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45834 – WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-45834
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32275
https://notcve.org/view.php?id=CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-668: Exposure of Resource to Wrong Sphere •