CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45702 – HCL Launch Agent as a Windows service is vulnerable to a Denial of Service
https://notcve.org/view.php?id=CVE-2023-45702
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. Un agente de implementación HCL UrbanCode instalado como un servicio de Windows en una ubicación no estándar podría estar sujeto a un ataque de denegación de servicio por parte de cuentas locales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108646 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-38927 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2021-38927
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. IBM Aspera Console 3.4.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210322 https://www.ibm.com/support/pages/node/7101252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-7047
https://notcve.org/view.php?id=CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. La validación inadecuada de permisos al emplear herramientas remotas y macros a través del menú contextual dentro de las versiones 2023.3.31 y anteriores de Devolutions Remote Desktop Manager permite a un usuario iniciar una conexión sin los derechos de ejecución adecuados a través de la función de herramientas remotas. Esto afecta sólo a las fuentes de datos SQL. • https://devolutions.net/security/advisories/DEVO-2023-0024 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-29486
https://notcve.org/view.php?id=CVE-2023-29486
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. Se descubrió un problema en las versiones 3.4.2 y anteriores al 3.7.0 del agente Heimdal Thor en Windows, que permite a los atacantes omitir las restricciones de acceso USB, ejecutar código arbitrario y obtener información confidencial a través del componente antivirus de próxima generación. An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2023-29487
https://notcve.org/view.php?id=CVE-2023-29487
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. Se descubrió un problema en las versiones 3.4.2 y anteriores del agente Heimdal Thor en Windows y 2.6.9 y anteriores en macOS, que permite a los atacantes provocar una denegación de servicio (DoS) a través del módulo de prevención de amenazas Threat To Process Correlation. An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-1333: Inefficient Regular Expression Complexity •