CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-1786 – sensitive data exposure in cloud-init logs
https://notcve.org/view.php?id=CVE-2023-1786
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. ... With this flaw, exposure of sensitive data is possible in world-readable cloud-init logs. • https://bugs.launchpad.net/cloud-init/+bug/2013967 https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ https://ubuntu.com/security/notices/USN-6042-1 https://access.redhat.com/security/cve/CVE-2023-1786 https://bugzilla.redhat.com/show_bug.cgi?id=2190079 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20870 – VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20870
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the UHCI component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor. • https://www.vmware.com/security/advisories/VMSA-2023-0008.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28127 – Ivanti Avalanche getLogFile Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28127
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. • https://forums.ivanti.com/s/article/ZDI-CAN-17769-Ivanti-Avalanche-getLogFile-Directory-Traversal-Information-Disclosure? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25514
https://notcve.org/view.php?id=CVE-2023-25514
A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5456 • CWE-125: Out-of-bounds Read •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25513
https://notcve.org/view.php?id=CVE-2023-25513
A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5456 • CWE-125: Out-of-bounds Read •