CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-45454
https://notcve.org/view.php?id=CVE-2022-45454
13 Feb 2023 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4379 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-0575 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-0575
09 Feb 2023 — External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 • https://www.yugabyte.com • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-642: External Control of Critical State Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43550
https://notcve.org/view.php?id=CVE-2022-43550
09 Feb 2023 — A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. • https://github.com/jitsi/jitsi/commit/8aa7be58522f4264078d54752aae5483bfd854b2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0CVE-2022-42436 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2022-42436
08 Feb 2023 — IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34362 – IBM Sterling Secure Proxy HOST header injection
https://notcve.org/view.php?id=CVE-2022-34362
08 Feb 2023 — IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-35720 – IBM Sterling External Authentication Server information disclosure
https://notcve.org/view.php?id=CVE-2022-35720
08 Feb 2023 — IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23475 – IBM Infosphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-23475
08 Feb 2023 — IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. • https://www.ibm.com/support/pages/node/6890711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0002 – Cortex XDR Agent: Product Disruption by Local Windows User
https://notcve.org/view.php?id=CVE-2023-0002
08 Feb 2023 — A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. • https://security.paloaltonetworks.com/CVE-2023-0002 • CWE-693: Protection Mechanism Failure •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0001 – Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
https://notcve.org/view.php?id=CVE-2023-0001
08 Feb 2023 — An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. • https://security.paloaltonetworks.com/CVE-2023-0001 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38777
https://notcve.org/view.php?id=CVE-2022-38777
08 Feb 2023 — An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. • https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661 • CWE-269: Improper Privilege Management •