CVE-2023-41104
https://notcve.org/view.php?id=CVE-2023-41104
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. • https://docs.varnish-software.com/security/VSV00012 https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3 https://www.varnish-cache.org/security/VSV00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-35720 – ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-35720
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. • https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/aimesh-wifi-routers-and-systems/rt-ax92u/helpdesk_bios/?model2Name=RT-AX92U https://www.zerodayinitiative.com/advisories/ZDI-23-1166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-40370 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40370
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 https://www.ibm.com/support/pages/node/7028218 •
CVE-2023-38733 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38733
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 https://www.ibm.com/support/pages/node/7028223 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-33850 – IBM GSKit-Crypto information disclosure
https://notcve.org/view.php?id=CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 https://www.ibm.com/support/pages/node/7010369 https://www.ibm.com/support/pages/node/7022413 https://www.ibm.com/support/pages/node/7022414 • CWE-203: Observable Discrepancy •