CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
23 Jan 2024 — HPE OneView may allow command injection with local privilege escalation. HPE OneView puede permitir la inyección de comandos con escalada de privilegios local. This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the star... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47158 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47158
22 Jan 2024 — IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.1, 10.5 y 11.1 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 270750. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270750 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-27859 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27859
22 Jan 2024 — IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. IBM Db2 10.1, 10.5 y 11.1 podría permitir que un usuario remoto ejecute código arbitrario causado por la instalación de archivos jar con nombres similares en múltiples bases de datos. Un usuario podría aprov... • https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47747 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47747
22 Jan 2024 — IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.1, 10.5 y 11.1 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272646. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272646 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47746 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47746
22 Jan 2024 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272644. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50271 – HP-UX System Management Homepage, Disclosure of Information
https://notcve.org/view.php?id=CVE-2023-50271
17 Dec 2023 — A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. Se ha identificado una posible vulnerabilidad de seguridad en HP-UX System Management Homepage (SMH). Esta vulnerabilidad podría explotarse local o remotamente para revelar información. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2023-4694
https://notcve.org/view.php?id=CVE-2023-4694
14 Dec 2023 — Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. Ciertas impresoras HP OfficeJet Pro son potencialmente vulnerables a una denegación de servicio cuando envían un mensaje SOAP al servicio en el puerto TCP 3911 que contiene un cuerpo pero no un encabezado. • https://support.hp.com/us-en/document/ish_9823639-9823677-16/hpsbpi03894 •
CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-29066 – Incorrect User Management
https://notcve.org/view.php?id=CVE-2023-29066
28 Nov 2023 — The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. El software FACSChorus no asigna correctamente privilegios de acceso a datos para las cuentas de usuario del sistema operativo. Una cuenta de sistema operativo no administrativa puede modificar la información almacenada en las carpetas de datos de la aplicación local. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-29065 – Overly Permissive Access Policy
https://notcve.org/view.php?id=CVE-2023-29065
28 Nov 2023 — The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. Se puede acceder directamente a la base de datos del software FACSChorus con los privilegios del usuario actualmente conectado. Un actor de amenazas con acceso físico podría obtener credenciales, que podrían usarse para alterar o destruir datos almacenados en ... • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-277: Insecure Inherited Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-29064 – Hardcoded Secrets
https://notcve.org/view.php?id=CVE-2023-29064
28 Nov 2023 — The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. El software FACSChorus contiene información confidencial almacenada en texto plano. Un actor de amenazas podría obtener secretos codificados utilizados por la aplicación, que incluyen tokens y contraseñas para cuentas administrativas. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-798: Use of Hard-coded Credentials •