CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-31849
https://notcve.org/view.php?id=CVE-2024-31849
05 Apr 2024 — A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. Existe una vulnerabilidad de path traversal en la versión Java de CData Connect < 23.4.8846 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso administrativo completo a la aplicació... • https://github.com/Stuub/CVE-2024-31848-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7224
https://notcve.org/view.php?id=CVE-2023-7224
08 Jan 2024 — OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable OpenVPN Connect versión 3.0 a 3.4.6 en macOS permite a los usuarios locales ejecutar código en librerías externas de terceros utilizando la variable de entorno DYLD_INSERT_LIBRARIES • https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3761
https://notcve.org/view.php?id=CVE-2022-3761
17 Oct 2023 — OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials Las versiones de OpenVPN Connect anteriores a 3.4.0.4506 (macOS) y OpenVPN Connect anteriores a 3.4.0.3100 (Windows) permiten a atacantes intermediarios interceptar solicitudes de descarga de perfiles de configuración que contienen las credenciales de los usuarios. • https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4665 – Privilage Escalation in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4665
15 Sep 2023 — Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. Vulnerabilidad de ejecución incorrecta de permisos asignados en Saphira Saphira Connect permite la Escalación de Privilegios. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-279: Incorrect Execution-Assigned Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4664 – Privilage Escalation in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4664
15 Sep 2023 — Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. Vulnerabilidad de Permisos Predeterminados Incorrectos en Saphira Saphira Connect permite la Escalación de Privilegios. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-276: Incorrect Default Permissions •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4663 – XSS in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4663
15 Sep 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9. Neutralización inadecuada de etiquetas HTML relacionadas con secuencias de comandos en una vulnerabilidad de página web (XSS básico) en Saphira Saphira Connect permite Cross-Site Scripting (XSS) reflejado. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4662 – RCE in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4662
15 Sep 2023 — Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. Vulnerabilidad de Ejecución con Privilegios Innecesarios en Saphira Saphira Connect permite la Inclusión de Código Remota. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4661 – SQLi in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4661
15 Sep 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9. Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Saphira Saphira Connect permite la inyección SQL. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29305 – Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-29305
13 Sep 2023 — Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Las versiones 12.3 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad Cross-Site Scripting (XSS) Reflejada. Si un atacante puede convencer a una víctima para que visite una URL que haga referencia a una p... • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29306 – Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-29306
13 Sep 2023 — Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Las versiones 12.3 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad Cross-Site Scripting (XSS) Reflejada. Si un atacante puede convencer a una víctima para que visite una URL que haga referencia a una p... • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •