CVE-2023-2679 – Data leakage in Adobe connector for SPE edition of SLM
https://notcve.org/view.php?id=CVE-2023-2679
Data leakage in the Adobe connector in Snow Software SPE 9.27.0 on Windows allows a privileged user to observe other users' data. • https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB • CWE-269: Improper Privilege Management •
CVE-2022-0883 – Windows Unquoted/Trusted Service Paths
https://notcve.org/view.php?id=CVE-2022-0883
SLM has a Windows Unquoted/Trusted Service Paths security issue. All installations of version 9.x.x prior to 9.20.1 should be patched. • https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO • CWE-428: Unquoted Search Path or Element •
CVE-2021-4106 – Vulnerability in Snow Inventory Java Scanner
https://notcve.org/view.php?id=CVE-2021-4106
A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 • https://community.snowsoftware.com/s/feed/0D5690000BObYdUCQV • CWE-691: Insufficient Control Flow Management •
CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. • https://github.com/fullhunt/log4j-scan https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words https://github.com/cyberstruggle/L4sh https://github.com/woodpecker-appstore/log4j-payload-generator https://github.com/tangxiaofeng7/apache-log4j-poc https://www.exploit-db.com/exploits/51183 https://www.exploit-db.com/exploits/50592 https://www.exploit-db.com/exploits/50590 https://github.com/logpresso/CVE-2021-44228-Scanner https://github.com/jas502n/Log4j2-CVE-2021-44228 h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVE-2021-41562 – Deletion of arbitrary files vulnerability in Snow Agent for Windows
https://notcve.org/view.php?id=CVE-2021-41562
A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. • https://community.snowsoftware.com/s/group/0F91r000000QUhPCAW/news-updates • CWE-64: Windows Shortcut Following (.LNK) •