CVE-2023-27938 – Apple GarageBand MIDI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-27938
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple GarageBand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a function in MACore.framework. • https://support.apple.com/en-us/HT213650 • CWE-125: Out-of-bounds Read
CVE-2023-1524 – Download Manager < 3.2.71 - Broken Access Controls
https://notcve.org/view.php?id=CVE-2023-1524
The Download Manager plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 3.2.7.0, due to insufficient validation of passwords on password-protected files. • https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e • CWE-285: Improper Authorization
CVE-2022-43877 – IBM UrbanCode Deploy (UCD) information disclosure
https://notcve.org/view.php?id=CVE-2022-43877
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 • https://www.ibm.com/support/pages/node/6967351 • CWE-922: Insecure Storage of Sensitive Information
CVE-2022-22313 – IBM QRadar Data Synchronization App information disclosure
https://notcve.org/view.php?id=CVE-2022-22313
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. • https://exchange.xforce.ibmcloud.com/vulnerabilities/217370 • https://www.ibm.com/support/pages/node/6980797 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-1859
https://notcve.org/view.php?id=CVE-2023-1859
This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. • https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz%40163.com • CWE-416: Use After Free