CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1681 – Xunrui CMS test.php information disclosure
https://notcve.org/view.php?id=CVE-2023-1681
The manipulation leads to information disclosure. ... Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/2714925725/CMS-bug/blob/main/Informationdisclosure-1.md https://vuldb.com/?ctiid.224238 https://vuldb.com/?id.224238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27929 – Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-27929
Crafted data in a KTX image can trigger a read past the end of an allocated buffer. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213678 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28630 – Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd
https://notcve.org/view.php?id=CVE-2023-28630
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled, but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases, failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert, which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. • https://github.com/gocd/gocd/commit/6545481e7b36817dd6033bf614585a8db242070d https://github.com/gocd/gocd/releases/tag/23.1.0 https://github.com/gocd/gocd/security/advisories/GHSA-p95w-gh78-qjmv https://www.gocd.org/releases/#23-1-0 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1079 – kernel: hid: Use After Free in asus_remove()
https://notcve.org/view.php?id=CVE-2023-1079
A malicious USB device may exploit the issue to cause memory corruption with controlled data. ... This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-1079 https://bugzilla.redhat.com/show_bug.cgi?id=2173444 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22251 – Adobe Commerce Incorrect Authorization Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22251
A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-863: Incorrect Authorization •