CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6407 – Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. Existe una vulnerabilidad CWE-22: limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría causar la eliminación arbitraria de archivos al reiniciar el servicio cuando un atacante local y con pocos privilegios accede a él. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deletePdfReportFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35635 – Windows Kernel Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-35635
Windows Kernel Denial of Service Vulnerability Vulnerabilidad de denegación de servicio del kernel de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35635 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35634 – Windows Bluetooth Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35634
Windows Bluetooth Driver Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador Bluetooth de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35631 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35631
Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631 •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-35630 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de conexión compartida a Internet (ICS) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630 • CWE-122: Heap-based Buffer Overflow •