
CVE-2023-36719 – Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36719
14 Nov 2023 — Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36719 • CWE-20: Improper Input Validation •

CVE-2023-6006 – Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-6006
14 Nov 2023 — This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended setup procedure. This specific flaw exists within the pc-pdl-to-image process. • https://www.papercut.com/kb/Main/CommonSecurityQuestions • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •

CVE-2023-45284 – Incorrect detection of reserved device names on Windows in path/filepath
https://notcve.org/view.php?id=CVE-2023-45284
09 Nov 2023 — On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local. • https://go.dev/cl/540277 •

CVE-2023-45283 – Insecure parsing of Windows paths with a \??\ prefix in path/filepath
https://notcve.org/view.php?id=CVE-2023-45283
09 Nov 2023 — The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. • http://www.openwall.com/lists/oss-security/2023/12/05/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-4891
https://notcve.org/view.php?id=CVE-2023-4891
08 Nov 2023 — A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. • https://support.lenovo.com/us/en/product_security/LEN-135344 • CWE-416: Use After Free •

CVE-2023-47113 – DLL Search Order Hijacking vulnerability in BleachBit for Windows
https://notcve.org/view.php?id=CVE-2023-47113
08 Nov 2023 — BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. • https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-4996 – Local privilege escalation
https://notcve.org/view.php?id=CVE-2023-4996
06 Nov 2023 — Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was that a user control code, when called by a Windows ServiceController, did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003 • CWE-281: Improper Preservation of Permissions •

CVE-2023-35896 – IBM Content Navigator server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35896
03 Nov 2023 — IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259247 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
02 Nov 2023 — IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
02 Nov 2023 — IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 • CWE-352: Cross-Site Request Forgery (CSRF) •