Page 471 of 10613 results (0.046 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-35890 – IBM WebSphere Application Server information disclosure

https://notcve.org/view.php?id=CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. IBM WebSphere Application Server v8.5 y v9.0 podrían proporcionar una seguridad más débil de lo esperado, causada por la codificación incorrecta en un archivo de configuración local. ID de IBM X-Force: 258637. • https://https://www.ibm.com/support/pages/node/7007857 https://www.ibm.com/support/pages/node/7007857 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-35934 – yt-dlp File Downloader cookie leak

https://notcve.org/view.php?id=CVE-2023-35934

During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. ... This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirectiong if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping Some workarounds are available for those who are unable to upgrade. ... Alternatively, avoid using `--load-info-json`. • https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519 https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729 https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07 https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641 https://github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06 https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj https://lists.fedoraproject.org/archives/list/package • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-35977 – Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface

https://notcve.org/view.php?id=CVE-2023-35977

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-35976 – Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface

https://notcve.org/view.php?id=CVE-2023-35976

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-33201 – bouncycastle: potential blind LDAP injection attack using a self-signed certificate

https://notcve.org/view.php?id=CVE-2023-33201

Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. • https://bouncycastle.org https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html https://security.netapp.com/advisory/ntap-20230824-0008 https://access.redhat.com/security/cve/CVE-2023-33201 https://bugzilla.redhat.com/show_bug.cgi?id=2215465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •