CVE-2023-26458 – Information Disclosure vulnerability in SAP Landscape Management
https://notcve.org/view.php?id=CVE-2023-26458
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems, making those other systems vulnerable to information disclosure and modification. The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system. • https://launchpad.support.sap.com/#/notes/3312733 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-28267 – Remote Desktop Protocol Client Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28267
Remote Desktop Protocol Client Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267 • CWE-126: Buffer Over-read
CVE-2022-30076 – ENTAB ERP 1.0 - Username PII leak
https://notcve.org/view.php?id=CVE-2022-30076
ENTAB ERP version 1.0 suffers from a username information leak due to a lack of rate limiting. • https://www.exploit-db.com/exploits/51335 http://packetstormsecurity.com/files/171777/ENTAB-ERP-1.0-Information-Disclosure.html
CVE-2023-26495 – Siemens Solid Edge Viewer DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26495
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. • https://www.opendesign.com/security-advisories • CWE-416: Use After Free
CVE-2023-1809 – Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2023-1809
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. The Download Manager Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.2.9 due to the plugin leaking the master key. This can allow unauthenticated attackers to retrieve the key and extract sensitive data contained in password protected package files. • https://wpscan.com/vulnerability/57f0a078-fbeb-4b05-8892-e6d99edb82c1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor