CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28859
https://notcve.org/view.php?id=CVE-2023-28859
NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general. • https://github.com/redis/redis-py/issues/2665 https://github.com/redis/redis-py/pull/2641 https://github.com/redis/redis-py/pull/2666 https://github.com/redis/redis-py/releases/tag/v4.4.4 https://github.com/redis/redis-py/releases/tag/v4.5.4 • CWE-459: Incomplete Cleanup •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28444 – angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
https://notcve.org/view.php?id=CVE-2023-28444
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. • https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86 https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0 https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41354 – ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API
https://notcve.org/view.php?id=CVE-2022-41354
An information disclosure flaw was found in Argo CD. • http://argo.com https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md https://access.redhat.com/security/cve/CVE-2022-41354 https://bugzilla.redhat.com/show_bug.cgi?id=2167820 • CWE-203: Observable Discrepancy •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20990
https://notcve.org/view.php?id=CVE-2023-20990
This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20991
https://notcve.org/view.php?id=CVE-2023-20991
This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •