CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-41745
https://notcve.org/view.php?id=CVE-2023-41745
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. • https://security-advisory.acronis.com/advisories/SEC-2008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41744
https://notcve.org/view.php?id=CVE-2023-41744
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979. • https://security-advisory.acronis.com/advisories/SEC-4728 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-41742
https://notcve.org/view.php?id=CVE-2023-41742
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. • https://security-advisory.acronis.com/advisories/SEC-4351 • CWE-668: Exposure of Resource to Wrong Sphere CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1409 – Certificate validation issue in MongoDB Server running on Windows or macOS
https://notcve.org/view.php?id=CVE-2023-1409
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. • https://jira.mongodb.org/browse/SERVER-73662 https://jira.mongodb.org/browse/SERVER-77028 https://security.netapp.com/advisory/ntap-20230921-0007 • CWE-295: Improper Certificate Validation •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 2CVE-2023-2318 – MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-2318
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText. Cross-Site Scripting (XSS) basado en DOM en src/muya/lib/contentState/pasteCtrl.js de MarkText 0.17.1. y anteriores en Windows, Linux y macOS permite ejecutar código JavaScript arbitrario en el contexto de la ventana principal de MarkText. Esta vulnerabilidad puede explotarse si un usuario copia texto de una página web maliciosa y lo pega en MarkText. • https://github.com/marktext/marktext/issues/3618 https://starlabs.sg/advisories/23/23-2318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •