CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23769
https://notcve.org/view.php?id=CVE-2024-23769
07 Feb 2024 — Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. El control de privilegios inadecuado para la canalización con nombre en Samsung Magician PC Software 8.0.0 (para Windows) permite a un atacante local leer datos privilegiados. • https://semiconductor.samsung.com/support/quality-support/product-security-updates •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-32479 – Dell Security Management Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-32479
06 Feb 2024 — Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. Las versiones de Dell Encryption, Dell Endpoint Security Suite Enterprise y Dell Security Management S... • https://packetstorm.news/files/id/177832 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-25140
https://notcve.org/view.php?id=CVE-2024-25140
06 Feb 2024 — A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround.... • https://github.com/rustdesk/rustdesk/discussions/6444 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24682 – Automation Studio and PVI Multiple unquoted service path vulnerabilities
https://notcve.org/view.php?id=CVE-2020-24682
02 Feb 2024 — Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. Vulnerabilidad de elemento o ruta de búsqueda sin comillas en B&R Industrial Autom... • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-24681 – Automation Studio and PVI Multiple incorrect permission assignments for services
https://notcve.org/view.php?id=CVE-2020-24681
02 Feb 2024 — Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. La asignación de permisos incorrecta para la vulnerabilidad de recursos críticos en B&R Industrial Automation Automation Studio permite la escalada de privilegios. Este problema afecta a Automation Studio: desde 4.6.0... • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-24482
https://notcve.org/view.php?id=CVE-2024-24482
02 Feb 2024 — Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. Aprktool anterior a 2.9.3 en Windows permite ../ y /.. directory traversal. • https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-vgwr-4w3p-xmjv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0589
https://notcve.org/view.php?id=CVE-2024-0589
31 Jan 2024 — Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. Vulnerabilidad de cross site scripting (XSS) en la pestaña de descripción general de la entrada en Devolutions Remote Desktop Manager 2023.3.36 y versiones anteriores en Windows permite a un atacante con acceso a una fuente de datos inyectar un script ma... • https://devolutions.net/security/advisories/DEVO-2024-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4554 – XML External Entity (XXE) Processing
https://notcve.org/view.php?id=CVE-2023-4554
29 Jan 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. Vulnerabilidad de restricción inadecuada de la ... • https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4553 – Unauthenticated Access to AppBuilder Configuration Files
https://notcve.org/view.php?id=CVE-2023-4553
29 Jan 2024 — Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. Vulnerabilidad de validación de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Los usuarios no autenticados pueden ver los archivos de configuración de AppBuilder. • https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4552 – Java Database Connectivity (JDBC) URL Manipulation
https://notcve.org/view.php?id=CVE-2023-4552
29 Jan 2024 — Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2. Vulnerabilidad de validación de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado de AppBuilde... • https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b • CWE-20: Improper Input Validation •