CVE-2023-32322 – Arbitrary file read in Ombi
https://notcve.org/view.php?id=CVE-2023-32322
This vulnerability can lead to information disclosure. • https://docs.ombi.app/guides/installation/#windows https://github.com/Ombi-app/Ombi/blob/v4.36.1/src/Ombi/Controllers/V2/SystemController.cs#L46 https://github.com/Ombi-app/Ombi/blob/v4.36.1/src/Ombi/Controllers/V2/SystemController.cs#L58 https://github.com/Ombi-app/Ombi/commit/b8a8f029d80454d582bc4a2a05175106809335d0 https://github.com/Ombi-app/Ombi/security/advisories/GHSA-28j3-84m7-gpjp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-2782
https://notcve.org/view.php?id=CVE-2023-2782
Sensitive information disclosure due to improper authorization. • https://security-advisory.acronis.com/advisories/SEC-3475 • CWE-285: Improper Authorization; CWE-863: Incorrect Authorization
CVE-2022-45450
https://notcve.org/view.php?id=CVE-2022-45450
Sensitive information disclosure and manipulation due to improper authorization. • https://security-advisory.acronis.com/advisories/SEC-2410 • CWE-285: Improper Authorization; CWE-552: Files or Directories Accessible to External Parties
CVE-2022-45459
https://notcve.org/view.php?id=CVE-2022-45459
Sensitive information disclosure due to insecure registry permissions. • https://security-advisory.acronis.com/advisories/SEC-3196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-276: Incorrect Default Permissions
CVE-2022-45458
https://notcve.org/view.php?id=CVE-2022-45458
Sensitive information disclosure and manipulation due to improper certification validation. • https://security-advisory.acronis.com/advisories/SEC-3952 • CWE-295: Improper Certificate Validation