CVE-2023-22862 – IBM Aspera information disclosure
https://notcve.org/view.php?id=CVE-2023-22862
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmit authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244107 https://www.ibm.com/support/pages/node/7001053 • CWE-522: Insufficiently Protected Credentials CWE-523: Unprotected Transport of Credentials •
CVE-2023-3126 – B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure
https://notcve.org/view.php?id=CVE-2023-3126
The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site. • https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin https://woocommerce-b2b-plugin.com/changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=cve • CWE-862: Missing Authorization •
CVE-2023-2063 – Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
https://notcve.org/view.php?id=CVE-2023-2063
Unrestricted Upload of File with Dangerous Type vulnerability in the FTP function of the Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. • https://jvn.jp/vu/JVNVU92908006 https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-2062 – Information Disclosure vulnerability in EtherNet/IP Configuration tools
https://notcve.org/view.php?id=CVE-2023-2062
Missing Password Field Masking vulnerability in the Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for the MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and the MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in an authentication bypass vulnerability, which allows the attacker to access the MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and the MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP. • https://jvn.jp/vu/JVNVU92908006 https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02 • CWE-549: Missing Password Field Masking CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-32710 – Information Disclosure via the ‘copyresults’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32710
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. • https://advisory.splunk.com/advisories/SVD-2023-0609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •