CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20983
https://notcve.org/view.php?id=CVE-2023-20983
This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21011
https://notcve.org/view.php?id=CVE-2023-21011
This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28442 – Geoserver for GeoNode sensitive information leak
https://notcve.org/view.php?id=CVE-2023-28442
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. ... For existing setups, the patch must be applied manually inside the Geoserver data directory. • https://github.com/GeoNode/geonode/security/advisories/GHSA-87mh-vw7c-5v6w https://github.com/GeoNode/geoserver-geonode-ext/blob/2.20.7/data/security/rest.properties https://github.com/GeoNode/geoserver-geonode-ext/commit/f44cb074d8361c0f4e625013675bdd7bd8203df6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37704
https://notcve.org/view.php?id=CVE-2022-37704
The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. • https://github.com/MaherAzzouzi/CVE-2022-37704 http://www.amanda.org https://github.com/zmanda/amanda/issues/192 https://github.com/zmanda/amanda/pull/197 https://github.com/zmanda/amanda/pull/205 https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3 https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK https://lists.fedoraproject.org/a • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20059 – Cisco DNA Center Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20059
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-pe7zAbdR • CWE-312: Cleartext Storage of Sensitive Information CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File •