CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2023-25515
https://notcve.org/view.php?id=CVE-2023-25515
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. • https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3132 – MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files
https://notcve.org/view.php?id=CVE-2023-3132
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail. El plugin MainWP Child para WordPress es vulnerable a la exposición de información sensible hasta la versión 4.4.1.1 inclusive, debido a controles insuficientes en el almacenamiento de archivos de copia de seguridad. Esto hace posible que atacantes no autenticados extraigan información sensible, incluyendo la base de datos completa de las instalaciones, si se produce una copia de seguridad y falla la eliminación de los archivos de copia de seguridad. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2923512%40mainwp-child&new=2923512%40mainwp-child&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-3317
https://notcve.org/view.php?id=CVE-2023-3317
This vulnerability could even lead to a kernel information leak problem. • https://patchwork.kernel.org/project/linux-wireless/patch/51fd8f76494348aa9ecbf0abc471ebe47a983dfd.1679502607.git.lorenzo%40kernel.org • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2991 – Fortra Globalscape Administration Server Information Disclosure
https://notcve.org/view.php?id=CVE-2023-2991
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message • https://kb.globalscape.com/Knowledgebase/11589/Is-EFT-susceptible-to-the-Remotely-obtain-HDD-serial-number-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2023-25500
https://notcve.org/view.php?id=CVE-2023-25500
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests. • https://github.com/vaadin/flow/pull/16935 https://vaadin.com/security/cve-2023-25500 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •