CVE-2023-3950 – Cleartext Storage of Sensitive Information in GitLab
https://notcve.org/view.php?id=CVE-2023-3950
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. • https://gitlab.com/gitlab-org/gitlab/-/issues/419675 https://hackerone.com/reports/2079154 • CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-40239
https://notcve.org/view.php?id=CVE-2023-40239
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. • https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2023-4688
https://notcve.org/view.php?id=CVE-2023-4688
Sensitive information leak through log files. • https://security-advisory.acronis.com/advisories/SEC-5782 • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-41751
https://notcve.org/view.php?id=CVE-2023-41751
Sensitive information disclosure due to improper token expiration validation. • https://security-advisory.acronis.com/advisories/SEC-5615 • CWE-287: Improper Authentication
CVE-2023-41750
https://notcve.org/view.php?id=CVE-2023-41750
Sensitive information disclosure due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-5382 • CWE-862: Missing Authorization