CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-36696 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36696
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48677
https://notcve.org/view.php?id=CVE-2023-48677
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilación 40901. • https://security-advisory.acronis.com/advisories/SEC-5620 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48861
https://notcve.org/view.php?id=CVE-2023-48861
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. Vulnerabilidad de secuestro de DLL en TTplayer versión 7.0.2, permite a atacantes locales escalar privilegios y ejecutar código arbitrario a través de urlmon.dll. • https://github.com/xieqiang11/POC4/blob/main/README.md • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5808 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.
https://notcve.org/view.php?id=CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. La divulgación de información en SMU en Hitachi Vantara HNAS 14.8.7825.01 en Windows permite a los usuarios autenticados descargar archivos confidenciales a través de Insecure Direct Object Reference (IDOR). Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability. • https://github.com/Arszilla/CVE-2023-5808 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data. • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29258 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-29258
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 es vulnerable a una denegación de servicio a través de una consulta federada especialmente manipulada en objetos de federación específicos. ID de IBM X-Force: 252048. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252048 https://security.netapp.com/advisory/ntap-20240112-0002 https://www.ibm.com/support/pages/node/7087218 • CWE-20: Improper Input Validation •