
CVSS: 3.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org https://access.redhat.com/security/cve/CVE-2023-1513 • CWE-665: Improper Initialization •

CVSS: 7.5 • EPSS: 90% • CPEs: 1 • EXPL: 16

In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure. • https://github.com/0xRulez/CVE-2023-28432 https://github.com/C1ph3rX13/CVE-2023-28432 https://github.com/MzzdToT/CVE-2023-28432 https://github.com/Mr-xn/CVE-2023-28432 https://github.com/yTxZx/CVE-2023-28432 https://github.com/gobysec/CVE-2023-28432 https://github.com/acheiii/CVE-2023-28432 https://github.com/Cuerz/CVE-2023-28432 https://github.com/Chocapikk/CVE-2023-28432 https://github.com/netuseradministrator/CVE-2023-28432 https://github.com/bingtangbanli/CVE& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. • https://devolutions.net/security/advisories/DEVO-2023-0006 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.2 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247601 https://www.ibm.com/support/pages/node/6962729 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247606 https://www.ibm.com/support/pages/node/6962729 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •