CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25008 – Autodesk 3DS Max USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-25008
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. Crafted data in a USD file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2023-27870
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249518 https://www.ibm.com/support/pages/node/6985697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31445
https://notcve.org/view.php?id=CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. • https://github.com/Dodge-MPTC/CVE-2023-31445-Unprivileged-Information-Disclosure https://blog.kscsc.online/cves/202331445/md.html https://www.cassianetworks.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 1CVE-2023-1625 – Information leak in api
https://notcve.org/view.php?id=CVE-2023-1625
An information leak was discovered in OpenStack heat. • https://access.redhat.com/security/cve/CVE-2023-1625 https://bugzilla.redhat.com/show_bug.cgi?id=2181621 https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb https://launchpad.net/bugs/1999665 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22447
https://notcve.org/view.php?id=CVE-2023-22447
Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html • CWE-532: Insertion of Sensitive Information into Log File •