CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21991 – Oracle VirtualBox VGA MMIO Handling Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21991
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. • https://www.oracle.com/security-alerts/cpuapr2023.html •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21989 – Oracle VirtualBox OHCI USB Controller Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21989
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. • https://www.oracle.com/security-alerts/cpuapr2023.html •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21988 – Oracle VirtualBox GPA Request Handling Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21988
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. • https://www.oracle.com/security-alerts/cpuapr2023.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22307 – Site-Passwords in GET parameters
https://notcve.org/view.php?id=CVE-2023-22307
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files. • https://checkmk.com/werk/9522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-598: Use of GET Request Method With Sensitive Query Strings CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27909 – Microsoft Office Word FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27909
An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 • CWE-787: Out-of-bounds Write •