
CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Dec 2023 — IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266167 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Dec 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Dec 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Dec 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260585 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

01 Dec 2023 — DLL hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. • https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

01 Dec 2023 — An issue in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library. • https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Nov 2023 — An uncontrolled search path element vulnerability has been found in 4D and 4D server Windows executable applications, affecting version 19 R8 100218. This vulnerability consists of DLL hijacking by replacing x64 shfolder.dll in the installation path, causing arbitrary code execution. • https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server • CWE-427: Uncontrolled Search Path Element

CVSS: 6.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

28 Nov 2023 — Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. • https://dl.acm.org/doi/10.1145/3576915.3623066 • CWE-300: Channel Accessible by Non-Endpoint

CVSS: 7.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

26 Nov 2023 — Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories/cve-2023-49322

CVSS: 5.3 • EPSS: 0% • CPEs: 12 • EXPL: 0

26 Nov 2023 — Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories/cve-2023-49321