CVE-2023-39189 – Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one()
https://notcve.org/view.php?id=CVE-2023-39189
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39189 https://bugzilla.redhat.com/show_bug.cgi?id=2226777 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html • CWE-125: Out-of-bounds Read •
CVE-2023-5365 – HP LIFE Android Mobile – Potential Escalation of Privilege, Information Disclosure
https://notcve.org/view.php?id=CVE-2023-5365
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. • https://support.hp.com/us-en/document/ish_9393937-9393961-16/hpsbgn03870 • CWE-284: Improper Access Control •
CVE-2023-45247
https://notcve.org/view.php?id=CVE-2023-45247
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-6600 • CWE-862: Missing Authorization •
CVE-2023-5331 – File Information Leak via IDOR in file_id in Draft Posts
https://notcve.org/view.php?id=CVE-2023-5331
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •
CVE-2023-46820 – WordPress Image Regenerate & Select Crop Plugin <= 7.3.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-46820
This can allow unauthenticated attackers to extract sensitive data if directory indexing is enabled or if they are able to determine the log file format and brute-force potential log filenames. • https://patchstack.com/database/vulnerability/image-regenerate-select-crop/wordpress-image-regenerate-select-crop-plugin-7-3-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •