CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-50444
https://notcve.org/view.php?id=CVE-2023-50444
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! • https://www.primx.eu/en/bulletins/security-bulletin-23B30874 https://www.primx.eu/fr/blog • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-50440
https://notcve.org/view.php?id=CVE-2023-50440
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. Contenedores ZED producidos por PRIMX ZED! • https://www.primx.eu/en/bulletins/security-bulletin-23B30931 https://www.primx.eu/fr/blog •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50441
https://notcve.org/view.php?id=CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened. Un atacante no autenticado puede modificar las carpetas cifradas creadas por PRIMX ZONECENTRAL para Windows antes de Q.2021.2 (envío de calificación ANSSI) o ZONECENTRAL para Windows antes de 2023.5 para incluir una referencia UNC que pueda activar el tráfico de red saliente desde las maquinas en las que se abren las carpetas. • https://www.primx.eu/en/bulletins/security-bulletin-23B3093A https://www.primx.eu/fr/blog •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50442
https://notcve.org/view.php?id=CVE-2023-50442
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.) Un atacante local (con los privilegios adecuados) puede modificar las carpetas cifradas creadas por PRIMX ZONECENTRAL hasta 2023.5 para que tipos de archivos específicos queden excluidos del cifrado temporalmente. (Sin embargo, esta modificación se puede detectar, como se describe en la Guía del administrador). • https://www.primx.eu/en/bulletins/security-bulletin-23B30933 https://www.primx.eu/fr/blog •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-50439
https://notcve.org/view.php?id=CVE-2023-50439
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.). Contenedores ZED producidos por PRIMX ZED! para Windows anterior a Q.2020.3 (envío de calificación ANSSI), ZED! • https://www.primx.eu/en/bulletins/security-bulletin-23B30930 https://www.primx.eu/fr/blog •