CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45614
https://notcve.org/view.php?id=CVE-2023-45614
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existen vulnerabilidades de desbordamiento del búfer en CLI Service subyacente que podrían provocar la ejecución remota de código no autenticado mediante el envío de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administración de puntos de acceso de Aruba). La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar código arbitrario como usuario privilegiado en el sistema operativo subyacente. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries para multiplataformas 8.1, 8.2, 9.1 son vulnerables a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries for Multiplatforms 8.1, 8.2, 9.1 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 266057. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5739
https://notcve.org/view.php?id=CVE-2023-5739
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. Ciertas versiones HP PC Hardware Diagnostics de Windows son potencialmente vulnerables a la elevación de privilegios. • https://support.hp.com/us-en/document/ish_8128401-8128440-16 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5671
https://notcve.org/view.php?id=CVE-2023-5671
HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. HP Print and Scan Doctor para Windows puede ser potencialmente vulnerable a una escalada de privilegios. HP está lanzando actualizaciones de software para mitigar la vulnerabilidad potencial. • https://support.hp.com/us-en/document/ish_9502679-9502704-16 • CWE-269: Improper Privilege Management •