CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44212
https://notcve.org/view.php?id=CVE-2023-44212
05 Oct 2023 — Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilación 31477. • https://security-advisory.acronis.com/SEC-2159 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43799 – The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system
https://notcve.org/view.php?id=CVE-2023-43799
04 Oct 2023 — Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue. • https://github.com/altair-graphql/altair/releases/tag/v5.2.5 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44210
https://notcve.org/view.php?id=CVE-2023-44210
04 Oct 2023 — Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilación 29258. • https://security-advisory.acronis.com/SEC-5528 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-44209
https://notcve.org/view.php?id=CVE-2023-44209
04 Oct 2023 — Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. Escalada de privilegios locales debido a un manejo inadecuado de enlaces blandos. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilación 29051. • https://security-advisory.acronis.com/advisories/SEC-2119 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44208
https://notcve.org/view.php?id=CVE-2023-44208
04 Oct 2023 — Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilación 40713. • https://security-advisory.acronis.com/advisories/SEC-6587 • CWE-862: Missing Authorization •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3440 – File and Directory Permission Vulnerability in JP1/Performance Management
https://notcve.org/view.php?id=CVE-2023-3440
03 Oct 2023 — Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: ... • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5257 – WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal
https://notcve.org/view.php?id=CVE-2023-5257
29 Sep 2023 — A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. • https://github.com/WhiteHSBG/JNDIExploit/issues/10 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2023-41444
https://notcve.org/view.php?id=CVE-2023-41444
28 Sep 2023 — An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. Un problema en Binalyze IREC.sys v.3.11.0 y anteriores permite a un atacante local ejecutar código arbitrario y escalar privilegios a través de la función fun_1400084d0 en el controlador IREC.sys. • https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5174 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5174
27 Sep 2023 — If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Si Windows no pudo duplicar un identificador durante la creación del proceso, es ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1848454 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5168 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5168
27 Sep 2023 — A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Un proceso de contenido comprometido podría haber proporcionado datos maliciosos a `FilterNodeD2D1`, lo que habría resultado en una escritura fuera de... • https://bugzilla.mozilla.org/show_bug.cgi?id=1846683 • CWE-787: Out-of-bounds Write •