CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35896 – IBM Content Navigator server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35896
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. IBM Content Navigator 3.0.13 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259247 https://www.ibm.com/support/pages/node/7065203 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries para multiplataformas 8.1, 8.2, 9.1 son vulnerables a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries for Multiplatforms 8.1, 8.2, 9.1 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 266057. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31027
https://notcve.org/view.php?id=CVE-2023-31027
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad que permite a los usuarios de Windows con bajos niveles de privilegios escalar permisos cuando un administrador actualiza los controladores de GPU, lo que puede provocar una escalada de privilegios. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31023
https://notcve.org/view.php?id=CVE-2023-31023
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service. NVIDIA Display Driver para Windows contiene una vulnerabilidad en la que un atacante puede provocar una desreferencia del puntero de un valor que no es de confianza, lo que puede provocar una denegación de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-822: Untrusted Pointer Dereference •