
CVE-2023-26020 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio
https://notcve.org/view.php?id=CVE-2023-26020
17 Feb 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection. This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. • https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023021701 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-43930 – IBM Db2 for Linux, UNIX and Windows information disclosure
https://notcve.org/view.php?id=CVE-2022-43930
17 Feb 2023 — IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241677 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2022-43929 – IBM Db2 for Linux, UNIX and Windows denial of service
https://notcve.org/view.php?id=CVE-2022-43929
17 Feb 2023 — IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241676 • CWE-20: Improper Input Validation •

CVE-2022-43927 – IBM Db2 for Linux, UNIX and Windows information disclosure
https://notcve.org/view.php?id=CVE-2022-43927
17 Feb 2023 — IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241671 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-269: Improper Privilege Management •

CVE-2023-24964 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-24964
17 Feb 2023 — IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246463 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2023-22868 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22868
17 Feb 2023 — IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-47986 – IBM Aspera Faspex Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-47986
17 Feb 2023 — IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. IBM Aspera Faspex version 4.4.1 suffers from a YAML deserialization vulnerability that allows for remote code execution. • https://packetstorm.news/files/id/171772 • CWE-502: Deserialization of Untrusted Data •

CVE-2023-0882 – Authorization Bypass Through User-Controlled Key on Single Connect
https://notcve.org/view.php?id=CVE-2023-0882
17 Feb 2023 — Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. • https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2023-21578 – Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21578
17 Feb 2023 — Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vu... • https://helpx.adobe.com/security/products/photoshop/apsb23-11.html • CWE-125: Out-of-bounds Read •

CVE-2023-21575 – Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21575
17 Feb 2023 — Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/photoshop/apsb23-11.html • CWE-787: Out-of-bounds Write •