CVE-2023-35977 – Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
https://notcve.org/view.php?id=CVE-2023-35977
Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt •
CVE-2023-35976 – Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
https://notcve.org/view.php?id=CVE-2023-35976
Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt •
CVE-2023-33201 – bouncycastle: potential blind LDAP injection attack using a self-signed certificate
https://notcve.org/view.php?id=CVE-2023-33201
Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wildcard may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP injection, exploring the environment and enumerating data. • https://bouncycastle.org https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html https://security.netapp.com/advisory/ntap-20230824-0008 https://access.redhat.com/security/cve/CVE-2023-33201 https://bugzilla.redhat.com/show_bug.cgi?id=2215465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •
CVE-2023-3247 – Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
https://notcve.org/view.php?id=CVE-2023-3247
A vulnerability was found in PHP where weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak. • https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw https://access.redhat.com/security/cve/CVE-2023-3247 https://bugzilla.redhat.com/show_bug.cgi?id=2219290 • CWE-252: Unchecked Return Value CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •
CVE-2023-21624 – Information Exposure in DSP Services
https://notcve.org/view.php?id=CVE-2023-21624
Information disclosure in DSP Services while loading dynamic module. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •