CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2023-21797 – Microsoft ODBC Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21797
14 Feb 2023 — Microsoft ODBC Driver Remote Code Execution Vulnerability Vulnerabilidad de Ejecución de Código Remota de Microsoft ODBC Driver • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21797 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 28EXPL: 0CVE-2023-21684 – Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21684
14 Feb 2023 — Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21684 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45455
https://notcve.org/view.php?id=CVE-2022-45455
13 Feb 2023 — Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4459 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-45454
https://notcve.org/view.php?id=CVE-2022-45454
13 Feb 2023 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4379 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-0575 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-0575
09 Feb 2023 — External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 • https://www.yugabyte.com • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-642: External Control of Critical State Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43550
https://notcve.org/view.php?id=CVE-2022-43550
09 Feb 2023 — A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. • https://github.com/jitsi/jitsi/commit/8aa7be58522f4264078d54752aae5483bfd854b2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0CVE-2022-42436 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2022-42436
08 Feb 2023 — IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34362 – IBM Sterling Secure Proxy HOST header injection
https://notcve.org/view.php?id=CVE-2022-34362
08 Feb 2023 — IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-35720 – IBM Sterling External Authentication Server information disclosure
https://notcve.org/view.php?id=CVE-2022-35720
08 Feb 2023 — IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23475 – IBM Infosphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-23475
08 Feb 2023 — IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. • https://www.ibm.com/support/pages/node/6890711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •