CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-39365 – Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti
https://notcve.org/view.php?id=CVE-2023-39365
Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. • https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN https://www.debian.org/security&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-32271
https://notcve.org/view.php?id=CVE-2023-32271
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2023-35124
https://notcve.org/view.php?id=CVE-2023-35124
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 90EXPL: 0CVE-2022-33220 – Buffer over-read in Automotive multimedia
https://notcve.org/view.php?id=CVE-2022-33220
Information disclosure in Automotive multimedia due to buffer over-read. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22870 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-22870
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. IBM Aspera Faspex v5.0.5 transmite información sensible en texto claro que podría ser obtenida por un atacante utilizando técnicas de "man in the middle". IBM X-Force ID: 244121. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 https://www.ibm.com/support/pages/node/7029681 • CWE-319: Cleartext Transmission of Sensitive Information •