
CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

07 Jan 2024 — IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270402

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jan 2024 — A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permis... • https://access.redhat.com/security/cve/CVE-2023-47039 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 6.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 Dec 2023 — An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108646

CVSS: 7.2 • EPSS: 0% • CPEs: 9 • EXPL: 0

25 Dec 2023 — IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Dec 2023 — Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. • https://devolutions.net/security/advisories/DEVO-2023-0024 • CWE-863: Incorrect Authorization

CVSS: 9.4 • EPSS: 0% • CPEs: 4 • EXPL: 1

21 Dec 2023 — An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS that allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

21 Dec 2023 — An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS that allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via the DarkLayer Guard threat prevention module. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

21 Dec 2023 — An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows that allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via the Next-Gen Antivirus component. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 6.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

20 Dec 2023 — Windows Local Session Manager (LSM) Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44684

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Dec 2023 — IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')