CVE-2023-40503 – LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-40503
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-23-1207 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2023-41181 – LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41181
LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-23-1220 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-41104
https://notcve.org/view.php?id=CVE-2023-41104
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. • https://docs.varnish-software.com/security/VSV00012 https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3 https://www.varnish-cache.org/security/VSV00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-35720 – ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-35720
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. • https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/aimesh-wifi-routers-and-systems/rt-ax92u/helpdesk_bios/?model2Name=RT-AX92U https://www.zerodayinitiative.com/advisories/ZDI-23-1166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-40370 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40370
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 https://www.ibm.com/support/pages/node/7028218 •