CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32162 – Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32162
26 May 2023 — Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the W... • https://github.com/LucaBarile/ZDI-CAN-16318 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2023-2874 – Twister Antivirus IoControlCode filppd.sys 0x804f2140 denial of service
https://notcve.org/view.php?id=CVE-2023-2874
24 May 2023 — A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1hcj4tdRveydUv84J5IEQFmjF1XxUvxGy/view?usp=sharing • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-2873 – Twister Antivirus IoControlCode filppd.sys 0x80800043 memory corruption
https://notcve.org/view.php?id=CVE-2023-2873
24 May 2023 — A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1ABRMxr6Ek02P_WAXjyYLGQ4sHYMVQTka/view?usp=sharing • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32336 – IBM InfoSphere Information Server code execution
https://notcve.org/view.php?id=CVE-2023-32336
22 May 2023 — IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255285 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47984 – IBM InfoSphere Information Server SQL injection
https://notcve.org/view.php?id=CVE-2022-47984
19 May 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22878 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-22878
19 May 2023 — IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244373 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28529 – IBM InfoSphere Information Server 11.7
https://notcve.org/view.php?id=CVE-2023-28529
19 May 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/251213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-28950 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28950
19 May 2023 — IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2023-28514 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28514
19 May 2023 — IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33240
https://notcve.org/view.php?id=CVE-2023-33240
19 May 2023 — Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. • https://www.foxit.com/support/security-bulletins.html • CWE-276: Incorrect Default Permissions •