CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36919 – Information Disclosure in SAP Enable Now
https://notcve.org/view.php?id=CVE-2023-36919
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure. • https://launchpad.support.sap.com/#/notes/3326769 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-116: Improper Encoding or Escaping of Output CWE-213: Exposure of Sensitive Information Due to Incompatible Policies CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVSS: 9.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-35871 – Memory Corruption vulnerability in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2023-35871
The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system. • https://me.sap.com/notes/3340735 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37890 – WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-37890
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88. Vulnerabilidad de autorización faltante en WPOmnia KB Support – WordPress Help Desk and Knowledge Base permite Accessing Functionality Not Properly Constrained by ACLs. Los usuarios con un rol tan bajo como suscriptor pueden ver a otros clientes. Este problema afecta a KB Support – WordPress Help Desk and Knowledge Base: desde n/a hasta 1.5.88. • https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34432 https://bugzilla.redhat.com/show_bug.cgi?id=2212291 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 https://bugzilla.redhat.com/show_bug.cgi?id=2212283 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •