CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32330 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-32330
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254977 https://www.ibm.com/support/pages/node/7106586 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32328 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-32328
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254657 https://www.ibm.com/support/pages/node/7106586 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22012
https://notcve.org/view.php?id=CVE-2024-22012
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2024-02-01 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24810 – WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
https://notcve.org/view.php?id=CVE-2024-24810
The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. • https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46914
https://notcve.org/view.php?id=CVE-2023-46914
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. • https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •