CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4595 – Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
https://notcve.org/view.php?id=CVE-2023-4595
23 Nov 2023 — An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca. Se ha encontrado una vulnerabilidad de exposición de información, cuya explotación podría permitir a un usuario remoto recuperar información confidencial almacena... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4594 – Cross-site Scripting in BVRP Software SLmail
https://notcve.org/view.php?id=CVE-2023-4594
23 Nov 2023 — Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file. Vulnerabilidad XSS almacenada. Esta vulnerabilidad podría permitir a un atacante almacenar un payload de JavaScript malicioso mediante métodos GET y POST en múltiples parámetros en el archivo MailAdmin_dll.htm. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4593 – Path Traversal in BVRP Software SLmail
https://notcve.org/view.php?id=CVE-2023-4593
23 Nov 2023 — Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file. Vulnerabilidad de Path Traversal cuya explotación podría permitir a un usuario remoto autenticado eludir las restricciones previstas por SecurityManager y enumerar un directorio principal a través de cualquier nombre de archivo, com... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46814
https://notcve.org/view.php?id=CVE-2023-46814
22 Nov 2023 — A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar código con privilegios elevados desde una ubicación de escritura estándar po... • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40363 – IBM InfoSphere Information Server privilege escalation
https://notcve.org/view.php?id=CVE-2023-40363
18 Nov 2023 — IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. IBM InfoSphere Information Server 11.7 podría permitir a un usuario autenticado cambiar los archivos de instalación debido a una configuración incorrecta de permisos de archivos. ID de IBM X-Force: 263332. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263332 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26368 – Adobe InCopy Out-of-Bounds Read Vulnerability v1.0
https://notcve.org/view.php?id=CVE-2023-26368
16 Nov 2023 — Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe InCopy versiones 18.5 (y anteriores) y 17.4.2 (y anteriores) se ven afe... • https://helpx.adobe.com/security/products/incopy/apsb23-60.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-44332 – Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability II.
https://notcve.org/view.php?id=CVE-2023-44332
16 Nov 2023 — Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.1 (y anteriores) y 25.0 (y anteriores) de Adobe Photoshop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría ... • https://helpx.adobe.com/security/products/photoshop/apsb23-56.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-44333 – Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability V.
https://notcve.org/view.php?id=CVE-2023-44333
16 Nov 2023 — Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.1 (y anteriores) y 25.0 (y anteriores) de Adobe Photoshop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría ... • https://helpx.adobe.com/security/products/photoshop/apsb23-56.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-44331 – Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability IV.
https://notcve.org/view.php?id=CVE-2023-44331
16 Nov 2023 — Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.1 (y anteriores) y 25.0 (y anteriores) de Adobe Photoshop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría ... • https://helpx.adobe.com/security/products/photoshop/apsb23-56.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44335 – Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability I.
https://notcve.org/view.php?id=CVE-2023-44335
16 Nov 2023 — Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.1 (y anteriores) y 25.0 (y anteriores) de Adobe Photoshop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría ... • https://helpx.adobe.com/security/products/photoshop/apsb23-56.html • CWE-125: Out-of-bounds Read •