CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29279 – ZDI-CAN-20368: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-29279
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://helpx.adobe.com/security/products/substance3d_painter/apsb23-29.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27564
https://notcve.org/view.php?id=CVE-2023-27564
The n8n package 0.218.0 for Node.js allows Information Disclosure. • https://github.com/david-botelho-mariano/exploit-CVE-2023-27564 https://github.com/n8n-io/n8n/releases https://security.netapp.com/advisory/ntap-20230622-0007 https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29280 – ZDI-CAN-20372: Adobe Substance 3D Painter PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-29280
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://helpx.adobe.com/security/products/substance3d_painter/apsb23-29.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45354 – WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2022-45354
This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords) • https://github.com/RandomRobbieBF/CVE-2022-45354 https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-7-60-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-26371
https://notcve.org/view.php?id=CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 •