CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45457
https://notcve.org/view.php?id=CVE-2022-45457
Sensitive information disclosure and manipulation due to improper certification validation. • https://security-advisory.acronis.com/advisories/SEC-3957 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2679 – Data leakage in Adobe connector for SPE edition of SLM
https://notcve.org/view.php?id=CVE-2023-2679
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. • https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2023-30438 – IBM PowerVM gain access
https://notcve.org/view.php?id=CVE-2023-30438
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 https://www.ibm.com/support/pages/node/6993021 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32556 – Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32556
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NT Apex One RealTime Scan Service. By creating a mount point, an attacker can abuse the service to disclose the contents of a file. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-651 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32552 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32552
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-655 •