CVE-2023-44212
https://notcve.org/view.php?id=CVE-2023-44212
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.
• https://security-advisory.acronis.com/SEC-2159
• https://security-advisory.acronis.com/advisories/SEC-5528
• CWE-862: Missing Authorization
CVE-2023-43799 – The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system
https://notcve.org/view.php?id=CVE-2023-43799
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on macOS, Windows, and Linux. Version 5.2.5 fixes this issue.
• https://github.com/altair-graphql/altair/releases/tag/v5.2.5
• https://github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvm
• CWE-20: Improper Input Validation
CVE-2023-44210
https://notcve.org/view.php?id=CVE-2023-44210
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.
• https://security-advisory.acronis.com/SEC-5528
• https://security-advisory.acronis.com/advisories/SEC-2159
• CWE-862: Missing Authorization
CVE-2023-44209
https://notcve.org/view.php?id=CVE-2023-44209
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.
• https://security-advisory.acronis.com/advisories/SEC-2119
• CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-40299
https://notcve.org/view.php?id=CVE-2023-40299
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
• https://github.com/Kong/insomnia/pull/6217/commits
• https://github.com/Kong/insomnia/releases
• https://insomnia.rest/changelog
• https://www.angelystor.com/posts/cve-2023-40299
• CWE-114: Process Control