CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33833 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2023-33833
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013. IBM Security Verify Information Queue v10.0.4 y v10.0.5 almacena información confidencial en texto claro que puede ser leída por un usuario local. IBM X-Force ID: 256013. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256013 https://www.ibm.com/support/pages/node/7029584 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41741 – Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive data to the WAN interface. An attacker can leverage this vulnerability to disclose certain information in the context of the current process. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41740 – Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41740
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current process. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39912 – ManageEngine ADManager Plus download Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-39912
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the download method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. • https://manageengine.com https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-39912.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41039 – Sandbox escape via various forms of "format" in RestrictedPython
https://notcve.org/view.php?id=CVE-2023-41039
This can lead to critical information disclosure. • https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •