CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-31036
https://notcve.org/view.php?id=CVE-2023-31036
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. NVIDIA Triton Inference Server para Linux y Windows contiene una vulnerabilidad en la que, cuando se inicia con la opción de línea de comando no predeterminada --model-control explicit, un atacante puede usar la API de carga del modelo para provocar un path traversal relativo. Una explotación exitosa de esta vulnerabilidad puede provocar la ejecución de código, denegación de servicio, escalada de privilegios, divulgación de información y manipulación de datos. • https://nvidia.custhelp.com/app/answers/detail/a_id/5509 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40250
https://notcve.org/view.php?id=CVE-2023-40250
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893. La vulnerabilidad de copia de búfer sin verificar el tamaño de la entrada ('desbordamiento de búfer clásico') en Hancom HCell en Windows permite desbordamiento de búferes. Este problema afecta a HCell: 12.0.0.893. • https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51750
https://notcve.org/view.php?id=CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque pueden ocurrir descargas de archivos. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 • CWE-286: Incorrect User Management •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51751
https://notcve.org/view.php?id=CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se puede usar Alt-F4. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20711 – Adobe Substance 3D Stager v2.1.1 Vulnerability VII
https://notcve.org/view.php?id=CVE-2024-20711
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html • CWE-125: Out-of-bounds Read •