CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30441 – IBM Java information disclosure
https://notcve.org/view.php?id=CVE-2023-30441
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 https://www.ibm.com/support/pages/node/6985011 https://www.ibm.com/support/pages/node/6986617 https://www.ibm.com/support/pages/node/6986637 https://www.ibm.com/support/pages/node/6987167 https://access.redhat.com/security/cve/CVE-2023-30441 https://bugzilla.redhat.com/show_bug.cgi?id=2188465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.6EPSS: 0%CPEs: 20EXPL: 0CVE-2023-1526
https://notcve.org/view.php?id=CVE-2023-1526
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. • https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30853 – Gradle Build Action data written to GitHub Actions Cache may expose secrets
https://notcve.org/view.php?id=CVE-2023-30853
This data stored in the GitHub Actions cache can be read by a GitHub Actions workflow running in an untrusted context, such as that running for a Pull Request submitted by a developer via a repository fork. This vulnerability was discovered internally through code review, and we have not seen any evidence of it being exploited in the wild. However, in addition to upgrading the Gradle Build Action, affected users should delete any potentially vulnerable cache entries and may choose to rotate any potentially affected secrets. Gradle Build Action v2.4.2 and newer no longer saves this sensitive data for later use, preventing ongoing leakage of secrets via the GitHub Actions Cache. While upgrading to the latest version of the Gradle Build Action will prevent leakage of secrets going forward, additional actions may be required due to current or previous GitHub Actions Cache entries containing this information. Current cache entries will remain vulnerable until they are forcibly deleted or they expire naturally after 7 days of not being used. ... Compromise could occur if a user runs a GitHub Actions workflow for a pull request attempting to exploit this data. Warning signs to look for in a pull request include: - Making changes to GitHub Actions workflow files in a way that may attempt to read/extract data from the Gradle User Home or `<project-root>/.gradle` directories. - Making changes to Gradle build files or other executable files that may be invoked by a GitHub Actions workflow, in a way that may attempt to read/extract information from these locations. Some workarounds to limit the impact of this vulnerability are available: - If the Gradle project does not opt-in to using the configuration cache, then it is not vulnerable. - If the Gradle project does opt-in to using the configuration-cache by default, then the `--no-configuration-cache` command-line argument can be used to disable this feature in a GitHub Actions workflow. In any case, we recommend that users carefully inspect any pull request before approving the execution of GitHub Actions workflows. • https://github.com/gradle/gradle-build-action/releases/tag/v2.4.2 https://github.com/gradle/gradle-build-action/security/advisories/GHSA-h3qr-39j9-4r5v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2360
https://notcve.org/view.php?id=CVE-2023-2360
Sensitive information disclosure due to CORS misconfiguration. • https://security-advisory.acronis.com/advisories/SEC-4215 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27557 – IBM Safter Payments information disclosure
https://notcve.org/view.php?id=CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249192 https://www.ibm.com/support/pages/node/6985603 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •