CVSS: 5.6EPSS: 0%CPEs: 301EXPL: 1CVE-2023-20569 – amd: Return Address Predictor vulnerability leading to information disclosure
https://notcve.org/view.php?id=CVE-2023-20569
08 Aug 2023 — A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Una vulnerabilidad de canal lateral en algunas de las CPU de AMD puede permitir que un atacante influya en la predicción de la dirección de retorno. Esto puede dar lugar a una ejecución especulativa en una dirección controlada por el atacante, lo que podría conducir a l... • http://www.openwall.com/lists/oss-security/2023/08/08/4 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32783
https://notcve.org/view.php?id=CVE-2023-32783
07 Aug 2023 — The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour." • https://www.peteslade.com/post/manageengine-adauditplus-cve-2023-32783 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 94%CPEs: 3EXPL: 2CVE-2023-39143
https://notcve.org/view.php?id=CVE-2023-39143
04 Aug 2023 — PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). PaperCut NG y PaperCut MF antes de 22.1.3 en Windows permiten atravesar rutas, lo que permite a los atacantes cargar, leer o eliminar archivos arbitrarios. Esto conduce a la ejecución remota de código cuando la integración de dispositivos externos está habilitada... • https://github.com/codeb0ss/CVE-2023-39143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 11EXPL: 1CVE-2023-4136 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine
https://notcve.org/view.php?id=CVE-2023-4136
03 Aug 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. CrafterCMS versions 4.0.2 and below suffer from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/174304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-32764
https://notcve.org/view.php?id=CVE-2023-32764
03 Aug 2023 — Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. • https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614- •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-36858 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-36858
02 Aug 2023 — An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de verificación insuficiente de datos en BIG-IP Edge Client para Windows y macOS que puede permitir a un atacante modificar su lista de servidores configurados. Nota: No se evalúan las versiones de software que han alcanzado ... • https://my.f5.com/manage/s/article/K000132563 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4054 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-4054
01 Aug 2023 — When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Al abrir archivos appref-ms, Firefox no advertía al usuario de que estos archivos podían contener código malicioso. Este fallo sólo afecta a Firefox en Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1840777 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-2313
https://notcve.org/view.php?id=CVE-2023-2313
28 Jul 2023 — Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26077
https://notcve.org/view.php?id=CVE-2023-26077
24 Jul 2023 — Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. • https://github.com/mandiant/Vulnerability-Disclosures • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26078
https://notcve.org/view.php?id=CVE-2023-26078
24 Jul 2023 — Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. • https://github.com/mandiant/Vulnerability-Disclosures •