CVSS: 6.7EPSS: 0%CPEs: 41EXPL: 0CVE-2023-20828
https://notcve.org/view.php?id=CVE-2023-20828
04 Sep 2023 — In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144. en gps,existe una posible escritura fuera de límites debido a una comprobación de límites faltantes. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://corp.mediatek.com/product-security-bulletin/September-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 56EXPL: 0CVE-2023-20821
https://notcve.org/view.php?id=CVE-2023-20821
04 Sep 2023 — In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113. En nvram, existe una posible escritura fuera de límites debido a una inexistente comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/September-2023 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39348 – Improper log output when using GitHub Status Notifications in spinnaker
https://notcve.org/view.php?id=CVE-2023-39348
28 Aug 2023 — Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself coul... • https://github.com/spinnaker/echo/pull/1316 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-40025 – Argo CD web terminal session doesn't expire
https://notcve.org/view.php?id=CVE-2023-40025
23 Aug 2023 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. • https://github.com/argoproj/argo-cd/commit/e047efa8f9518c54d00d2e4493b64bc4dba98478 • CWE-613: Insufficient Session Expiration •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39951 – Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend
https://notcve.org/view.php?id=CVE-2023-39951
08 Aug 2023 — OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and me... • https://github.com/open-telemetry/opentelemetry-java-instrumentation/issues/8956 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-20805
https://notcve.org/view.php?id=CVE-2023-20805
07 Aug 2023 — In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-20804
https://notcve.org/view.php?id=CVE-2023-20804
07 Aug 2023 — In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-20803
https://notcve.org/view.php?id=CVE-2023-20803
07 Aug 2023 — In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-20802
https://notcve.org/view.php?id=CVE-2023-20802
07 Aug 2023 — In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-20801
https://notcve.org/view.php?id=CVE-2023-20801
07 Aug 2023 — In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. In imgsys, there is a possible use after free due to a race condition. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •