CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32552 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32552
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-655 •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-32256 – Linux Kernel ksmbd Session User Object Race Condition Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32256
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of SMB2_QUERY_INFO and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32553 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32553
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-653 •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33951 – Kernel: vmwgfx: race condition leading to information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33951 https://bugzilla.redhat.com/show_bug.cgi?id=2218195 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28076
https://notcve.org/view.php?id=CVE-2023-28076
An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. • https://www.dell.com/support/kbdoc/en-us/000212095/dsa-2023-121-dell-cloudlink-security-update-for-aes-gcm-ciphers-vulnerability • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •