CVSS: 6.5EPSS: 0%CPEs: 86EXPL: 0CVE-2023-21647 – Improper Input Validation in Bluetooth HOST
https://notcve.org/view.php?id=CVE-2023-21647
Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 92EXPL: 0CVE-2023-21625 – Buffer Over-read in Network Services
https://notcve.org/view.php?id=CVE-2023-21625
Information disclosure in Network Services due to buffer over-read while the device receives DNS response. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37486 – Information Disclosure vulnerability in SAP Commerce (OCC API)
https://notcve.org/view.php?id=CVE-2023-37486
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application. • https://me.sap.com/notes/3341934 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39440 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2023-39440
In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity. • https://me.sap.com/notes/3312586 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-39436 – Information Disclosure in SAP Supplier Relationship Management
https://notcve.org/view.php?id=CVE-2023-39436
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. • https://me.sap.com/notes/2067220 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •