CVE-2023-4485 – ARDEREG Sistemas SCADA SQL Injection
https://notcve.org/view.php?id=CVE-2023-4485
In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-39365 – Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti
https://notcve.org/view.php?id=CVE-2023-39365
Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. • https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN https://www.debian.org/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-32271
https://notcve.org/view.php?id=CVE-2023-32271
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-35124
https://notcve.org/view.php?id=CVE-2023-35124
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-33220 – Buffer over-read in Automotive multimedia
https://notcve.org/view.php?id=CVE-2022-33220
Information disclosure in Automotive multimedia due to buffer over-read. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-125: Out-of-bounds Read • CWE-126: Buffer Over-read