
CVE-2023-24939 – Server for NFS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-24939
09 May 2023 — Server for NFS Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939 •

CVE-2023-24899 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24899
09 May 2023 — Windows Graphics Component Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-591: Sensitive Data Storage in Improperly Locked Memory •

CVE-2023-24898 – Windows SMB Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-24898
09 May 2023 — Windows SMB Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898 •

CVE-2023-28283 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-28283
09 May 2023 — Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •

CVE-2023-30268
https://notcve.org/view.php?id=CVE-2023-30268
04 May 2023 — CLTPHP <=6.0 is vulnerable to Improper Input Validation. • https://gist.github.com/HuBenLab/16dc2f87f91a6f8c60eefce5abf18c08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-24461 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-24461
03 May 2023 — An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132539 • CWE-295: Improper Certificate Validation •

CVE-2023-22372 – BIG-IP Edge Client for Windows and Mac OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22372
03 May 2023 — In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132522 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •

CVE-2022-30995
https://notcve.org/view.php?id=CVE-2022-30995
03 May 2023 — Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. • https://security-advisory.acronis.com/advisories/SEC-3855 • CWE-287: Improper Authentication •

CVE-2022-3405 – Acronis Cyber Protect/Backup Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-3405
03 May 2023 — Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the... • https://packetstorm.news/files/id/182937 • CWE-269: Improper Privilege Management •

CVE-2022-48482
https://notcve.org/view.php?id=CVE-2022-48482
02 May 2023 — 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •