CVE-2023-23348 – HCL Launch is vulnerable to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-23348
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-34442 – Apache Camel JIRA: Temporary file information disclosure in Camel-Jira
https://notcve.org/view.php?id=CVE-2023-34442
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <=3.20.5, from 4.X through <=4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0; users on Camel 4.x should update to 4.0.0-M1. • https://lists.apache.org/thread/x4vy2hhbltb1xrvy1g6m8hpjgj2k7wgh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-35887 – Apache MINA SSHD: Information disclosure bugs with RootedFilesystem
https://notcve.org/view.php?id=CVE-2023-35887
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10. A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope. • https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 https://access.redhat.com/security/cve/CVE-2023-35887 https://bugzilla.redhat.com/show_bug.cgi?id=2240036 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-37868 – WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-37868
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0. The Premium Addons PRO plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.9.0. This makes it possible for contributor-level attackers to retrieve sensitive data. • https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-9-0-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-29256 – IBM Db2 information disclosure
https://notcve.org/view.php?id=CVE-2023-29256
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252046 https://security.netapp.com/advisory/ntap-20230731-0007 https://www.ibm.com/support/pages/node/7010573 • CWE-269: Improper Privilege Management •