CVE-2023-1916
https://notcve.org/view.php?id=CVE-2023-1916
A specially crafted TIFF file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. • https://gitlab.com/libtiff/libtiff/-/issues/536 https://gitlab.com/libtiff/libtiff/-/issues/537 https://support.apple.com/kb/HT213844 • CWE-125: Out-of-bounds Read •
CVE-2022-43928 – IBM Db2 Mirror for i information disclosure
https://notcve.org/view.php?id=CVE-2022-43928
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241675 https://www.ibm.com/support/pages/node/6981113 •
CVE-2022-34333 – IBM Sterling Order Management information disclosure
https://notcve.org/view.php?id=CVE-2022-34333
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229698 https://www.ibm.com/support/pages/node/6981917 • CWE-521: Weak Password Requirements •
CVE-2023-0580 – Information Disclosure vulnerability in My Control System (on-premise)
https://notcve.org/view.php?id=CVE-2023-0580
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface, System Monitoring1, Asset Inventory. This issue affects My Control System (on-premise): from 5.0;0 through 5.13. • https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-20674
https://notcve.org/view.php?id=CVE-2023-20674
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2023 • CWE-125: Out-of-bounds Read •