CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34341
https://notcve.org/view.php?id=CVE-2023-34341
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34345
https://notcve.org/view.php?id=CVE-2023-34345
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34344 – A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username
https://notcve.org/view.php?id=CVE-2023-34344
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3139 – Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
https://notcve.org/view.php?id=CVE-2023-3139
The Protect WP Admin plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 3.8. This is due to a data leak when performing a redirect after processing a crafted request. • https://magos-securitas.com/txt/CVE-2023-3139.txt https://wpscan.com/vulnerability/f8a29aee-19cd-4e62-b829-afc9107f69bd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32731 – Information leak in gRPC
https://notcve.org/view.php?id=CVE-2023-32731
If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. • https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/33005 • CWE-440: Expected Behavior Violation •