CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45883
https://notcve.org/view.php?id=CVE-2023-45883
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM. Existe una vulnerabilidad de escalada de privilegios en Qumu Multicast Extension v2 anterior a 2.0.63 para Windows. Cuando un usuario estándar inicia una reparación del software, se abre una ventana emergente con privilegios de SYSTEM. • https://hackandpwn.com/disclosures/CVE-2023-45883.pdf https://www.vidyo.com/enterprise-video-management/qumu • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4601 – Stack-based Buffer Overflow in NI System Configuration Software
https://notcve.org/view.php?id=CVE-2023-4601
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions. Existe una vulnerabilidad de desbordamiento del búfer basada en pila en NI System Configuration que podría resultar en la divulgación de información y/o la ejecución de código arbitrario. La explotación exitosa requiere que un atacante pueda proporcionar una respuesta especialmente manipulada. • https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43891 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2022-43891
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454. IBM Security Verify Privilege On-Premises 11.5 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el System. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240454 https://www.ibm.com/support/pages/node/7047202 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43892 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2022-43892
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455. IBM Security Verify Privilege On-Premises 11.5 no valida, o valida incorrectamente, un certificado que podría revelar información confidencial que podría contribuir a futuros ataques contra el System. ID de IBM X-Force: 240455. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240455 https://www.ibm.com/support/pages/node/7047202 • CWE-295: Improper Certificate Validation •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43893 – IBM Security Verify Privilege denial of service
https://notcve.org/view.php?id=CVE-2022-43893
IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634. IBM Security Verify Privilege On-Premises 11.5 podría permitir que un usuario privilegiado cause una vulnerabilidad por el consumo de recursos de un payload malicioso. ID de IBM X-Force: 240634. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240534 https://www.ibm.com/support/pages/node/7047202 • CWE-400: Uncontrolled Resource Consumption •