CVE-2023-40468 – PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-40468
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-23-1145 • CWE-125: Out-of-bounds Read •
CVE-2023-35009 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2023-35009
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257703 https://security.netapp.com/advisory/ntap-20230831-0014 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-4387 – Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()
https://notcve.org/view.php?id=CVE-2023-4387
This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. • https://access.redhat.com/security/cve/CVE-2023-4387 https://bugzilla.redhat.com/show_bug.cgi?id=2219270 https://github.com/torvalds/linux/commit/9e7fef9521e73ca8afd7da9e58c14654b02dfad8 • CWE-416: Use After Free •
CVE-2023-39250
https://notcve.org/view.php?id=CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities • CWE-540: Inclusion of Sensitive Information in Source Code CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-40338 – jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109 https://access.redhat.com/security/cve/CVE-2023-40338 https://bugzilla.redhat.com/show_bug.cgi?id=2232426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •