CVE-2023-38369 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-38369
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261196 https://www.ibm.com/support/pages/node/7106586 • CWE-521: Weak Password Requirements •
CVE-2023-32330 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-32330
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254977 https://www.ibm.com/support/pages/node/7106586 • CWE-295: Improper Certificate Validation •
CVE-2023-32328 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-32328
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254657 https://www.ibm.com/support/pages/node/7106586 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-22012
https://notcve.org/view.php?id=CVE-2024-22012
This could lead to local escalation of privilege with no additional execution privileges needed. ... • https://source.android.com/security/bulletin/pixel/2024-02-01 • CWE-787: Out-of-bounds Write •
CVE-2024-24810 – WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
https://notcve.org/view.php?id=CVE-2024-24810
The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. • https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 • CWE-426: Untrusted Search Path •