
CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39193 https://bugzilla.redhat.com/show_bug.cgi?id=2226787 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866 • CWE-125: Out-of-bounds Read

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.tracker-software.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-1487 • CWE-125: Out-of-bounds Read

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 https://www.progress.com/ws_ftp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

Sensitive information disclosure and manipulation due to improper authorization. • https://security-advisory.acronis.com/advisories/SEC-5839 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 7.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

Sensitive information disclosure due to cleartext storage of sensitive information. • https://security-advisory.acronis.com/advisories/SEC-5787 • CWE-312: Cleartext Storage of Sensitive Information