CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45193 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-45193
22 Jan 2024 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegación de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 268759. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268759 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50308 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-50308
22 Jan 2024 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5 bajo ciertas circunstancias podría permitir que un usuario autenticado en la base de datos provoque una denegación de servicio cuando se ejecuta una declaración en tablas de columnas. ID de IBM X-F... • https://exchange.xforce.ibmcloud.com/vulnerabilities/273393 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47746 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47746
22 Jan 2024 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272644. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0770 – European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission
https://notcve.org/view.php?id=CVE-2024-0770
21 Jan 2024 — A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. • https://imagebin.ca/v/7nx8zv3l62Kf • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2024-23331 – Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
https://notcve.org/view.php?id=CVE-2024-23331
19 Jan 2024 — Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. • https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5 • CWE-178: Improper Handling of Case Sensitivity CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0725 – ProSSHD denial of service
https://notcve.org/view.php?id=CVE-2024-0725
19 Jan 2024 — A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. • https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0723 – freeSSHd denial of service
https://notcve.org/view.php?id=CVE-2024-0723
19 Jan 2024 — A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-35020 – IBM Sterling Control Center directory traversal
https://notcve.org/view.php?id=CVE-2023-35020
19 Jan 2024 — IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. IBM Sterling Control Center versión 6.3.0 podría permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada que contenga secuencias de "puntos" (/../) para ver archivos arbitra... • https://exchange.xforce.ibmcloud.com/vulnerabilities/257874 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. IBM OpenPages con Watson 8.3 y 9.0 podría permitir a un atacante remoto eludir las restricciones de seguridad causadas por comprobaciones de autorizac... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. IBM OpenPages con Watson 8.3 y 9.0 podría proporcionar una seguridad más débil de lo esperado en un entorno OpenPages ut... • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 • CWE-257: Storing Passwords in a Recoverable Format •