CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-33848 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33848
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257104 https://www.ibm.com/support/pages/node/7001647 https://www.ibm.com/support/pages/node/7001681 https://www.ibm.com/support/pages/node/7001683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 0CVE-2023-20889 – VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20889
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2541 – Sensitive information disclosure in KNIME Hub Web Application
https://notcve.org/view.php?id=CVE-2023-2541
The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. • https://www.knime.com/security/advisories#CVE-2023-2541 https://zigrin.com/advisories/knime-business-hub-sensitive-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32550 – Landscape's Apache server-status is accessible by default
https://notcve.org/view.php?id=CVE-2023-32550
This data leak included GET requests which contain information to attack and leak further information from the Landscape API. • https://bugs.launchpad.net/landscape/+bug/1929037 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.1EPSS: 0%CPEs: 23EXPL: 0CVE-2023-20750
https://notcve.org/view.php?id=CVE-2023-20750
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •