CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6407 – Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. Existe una vulnerabilidad CWE-22: limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría causar la eliminación arbitraria de archivos al reiniciar el servicio cuando un atacante local y con pocos privilegios accede a él. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deletePdfReportFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-35622 – Windows DNS Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-35622
Windows DNS Spoofing Vulnerability Vulnerabilidad de suplantación de DNS de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-35632 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35632
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Controlador de función auxiliar de Windows para la vulnerabilidad de elevación de privilegios de WinSock • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-35630 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de conexión compartida a Internet (ICS) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 1%CPEs: 15EXPL: 0CVE-2023-35628 – Windows MSHTML Platform Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35628
Windows MSHTML Platform Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en la plataforma Windows MSHTML • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628 • CWE-416: Use After Free •