CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-25499 – Possible information disclosure in non visible components
https://notcve.org/view.php?id=CVE-2023-25499
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure. • https://github.com/vaadin/flow/pull/15885 https://vaadin.com/security/CVE-2023-25499 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-33842 – IBM SPSS Modeler information disclosure
https://notcve.org/view.php?id=CVE-2023-33842
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256117 https://https://www.ibm.com/support/pages/node/7004299 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34981 – Apache Tomcat: AJP response header mix-up
https://notcve.org/view.php?id=CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak. • https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz https://security.netapp.com/advisory/ntap-20230714-0003 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35005 – Apache Airflow: Information disclosure on configuration view
https://notcve.org/view.php?id=CVE-2023-35005
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later. • https://github.com/apache/airflow/pull/31788 https://github.com/apache/airflow/pull/31820 https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32201
https://notcve.org/view.php?id=CVE-2023-32201
Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98818508 https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php • CWE-787: Out-of-bounds Write •