CVE-2023-33951 – Kernel: vmwgfx: race condition leading to information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel.
• https://access.redhat.com/errata/RHSA-2023:6583
• https://access.redhat.com/errata/RHSA-2023:6901
• https://access.redhat.com/errata/RHSA-2023:7077
• https://access.redhat.com/errata/RHSA-2024:1404
• https://access.redhat.com/errata/RHSA-2024:4823
• https://access.redhat.com/errata/RHSA-2024:4831
• https://access.redhat.com/security/cve/CVE-2023-33951
• https://bugzilla.redhat.com/show_bug.cgi?id=2218195
• https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-667: Improper Locking
CVE-2023-28076
https://notcve.org/view.php?id=CVE-2023-28076
An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.
• https://www.dell.com/support/kbdoc/en-us/000212095/dsa-2023-121-dell-cloudlink-security-update-for-aes-gcm-ciphers-vulnerability
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-32798 – Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2023-32798
The Simple Page Ordering plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the rest_page_ordering function in versions up to, and including, 2.5.0.
• CWE-862: Missing Authorization
CVE-2023-20698
https://notcve.org/view.php?id=CVE-2023-20698
This could lead to local information disclosure with System execution privileges needed.
• https://corp.mediatek.com/product-security-bulletin/May-2023
• CWE-125: Out-of-bounds Read
CVE-2023-20711
https://notcve.org/view.php?id=CVE-2023-20711
This could lead to local information disclosure with System execution privileges needed.
• https://corp.mediatek.com/product-security-bulletin/May-2023
• CWE-125: Out-of-bounds Read