CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34981 – Apache Tomcat: AJP response header mix-up
https://notcve.org/view.php?id=CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak. • https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz https://security.netapp.com/advisory/ntap-20230714-0003 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35005 – Apache Airflow: Information disclosure on configuration view
https://notcve.org/view.php?id=CVE-2023-35005
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later. • https://github.com/apache/airflow/pull/31788 https://github.com/apache/airflow/pull/31820 https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32201
https://notcve.org/view.php?id=CVE-2023-32201
Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98818508 https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32276
https://notcve.org/view.php?id=CVE-2023-32276
Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98818508 https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32270
https://notcve.org/view.php?id=CVE-2023-32270
Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98818508 https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •