CVE-2022-45457
https://notcve.org/view.php?id=CVE-2022-45457
Sensitive information disclosure and manipulation due to improper certificate validation. • https://security-advisory.acronis.com/advisories/SEC-3957 • CWE-295: Improper Certificate Validation •
CVE-2023-2679 – Data leakage in Adobe connector for SPE edition of SLM
https://notcve.org/view.php?id=CVE-2023-2679
Data leakage in the Adobe connector in Snow Software SPE 9.27.0 on Windows allows a privileged user to observe other users' data. • https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB • CWE-269: Improper Privilege Management •
CVE-2023-30438 – IBM PowerVM gain access
https://notcve.org/view.php?id=CVE-2023-30438
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 https://www.ibm.com/support/pages/node/6993021 •
CVE-2023-33951 – Kernel: vmwgfx: race condition leading to information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33951 https://bugzilla.redhat.com/show_bug.cgi?id=2218195 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2023-32556 – Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32556
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. The specific flaw exists within the NT Apex One RealTime Scan Service. By creating a mount point, an attacker can abuse the service to disclose the contents of a file. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-651 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •