CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39291
https://notcve.org/view.php?id=CVE-2023-39291
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0013 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2023-34723 – Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-34723
TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/51720 http://packetstormsecurity.com/files/174553/TECHView-LA5570-Wireless-Gateway-1.0.19_T53-Traversal-Privilege-Escalation.html https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725 https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40371 – IBM AIX information disclosure
https://notcve.org/view.php?id=CVE-2023-40371
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263476 https://www.ibm.com/support/pages/node/7028420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3705 – Information Disclosure Vulnerability in CP-Plus Network Video Recorder
https://notcve.org/view.php?id=CVE-2023-3705
The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4230 – ioLogik 4000 Series: Server Banner Information Disclosure
https://notcve.org/view.php?id=CVE-2023-4230
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •