CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45193 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-45193
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegación de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 268759. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268759 https://security.netapp.com/advisory/ntap-20240307-0001 https://www.ibm.com/support/pages/node/7105501 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50308 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-50308
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5 bajo ciertas circunstancias podría permitir que un usuario autenticado en la base de datos provoque una denegación de servicio cuando se ejecuta una declaración en tablas de columnas. ID de IBM X-Force: 273393. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273393 https://security.netapp.com/advisory/ntap-20240307-0001 https://www.ibm.com/support/pages/node/7105506 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47746 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47746
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272644. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 https://security.netapp.com/advisory/ntap-20240307-0003 https://www.ibm.com/support/pages/node/7105505 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0770 – European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission
https://notcve.org/view.php?id=CVE-2024-0770
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. • https://imagebin.ca/v/7nx8zv3l62Kf https://vuldb.com/?ctiid.251670 https://vuldb.com/?id.251670 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2024-23331 – Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
https://notcve.org/view.php?id=CVE-2024-23331
Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. • https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5 https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw https://vitejs.dev/config/server-options.html#server-fs-deny • CWE-178: Improper Handling of Case Sensitivity CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •