
CVE-2023-47746 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47746
22 Jan 2024 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 • CWE-20: Improper Input Validation • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-50271 – HP-UX System Management Homepage, Disclosure of Information
https://notcve.org/view.php?id=CVE-2023-50271
17 Dec 2023 — A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-4694
https://notcve.org/view.php?id=CVE-2023-4694
14 Dec 2023 — Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. • https://support.hp.com/us-en/document/ish_9823639-9823677-16/hpsbpi03894

CVE-2023-29066 – Incorrect User Management
https://notcve.org/view.php?id=CVE-2023-29066
28 Nov 2023 — The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVE-2023-29065 – Overly Permissive Access Policy
https://notcve.org/view.php?id=CVE-2023-29065
28 Nov 2023 — The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-277: Insecure Inherited Permissions • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2023-29064 – Hardcoded Secrets
https://notcve.org/view.php?id=CVE-2023-29064
28 Nov 2023 — The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-798: Use of Hard-coded Credentials

CVE-2023-29063 – Lack of DMA Access Protections
https://notcve.org/view.php?id=CVE-2023-29063
28 Nov 2023 — The FACSChorus workstation does not prevent physical access to its PCI Express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-306: Missing Authentication for Critical Function • CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface

CVE-2023-29062 – Unsecure Identity Verification
https://notcve.org/view.php?id=CVE-2023-29062
28 Nov 2023 — The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity positioned on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined sy... • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-287: Improper Authentication

CVE-2023-29061 – Lack of Adequate BIOS Authentication
https://notcve.org/view.php?id=CVE-2023-29061
28 Nov 2023 — There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-306: Missing Authentication for Critical Function

CVE-2023-29060 – Lack of USB Whitelisting
https://notcve.org/view.php?id=CVE-2023-29060
28 Nov 2023 — The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-306: Missing Authentication for Critical Function • CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface